Security Engineering for Embedded
and Cyber-Physical Systems
Digital transformation, also known as Industry 4.0, Smart Industry, and Smart
Manufacturing, is at the top of leaders’ agendas. Such a transformation stimulates
innovation in new products and services, the digital transformation of processes, and the
creation of new business models and ecosystems. In the world of manufacturing, Industry
4.0 is based on various technological advances, among which we can mainly cite CPS
(cyber-physical systems), IoT (Internet of Things), and IoS (Internet of Services).
While engaging, this fourth wave also brings significant challenges for manufacturers.
Business operations and the supply chain are becoming more vulnerable to cyber threats.
Security Engineering for Embedded and Cyber-Physical Systems is an invaluable
resource to discover cybersecurity and privacy techniques for embedded and
cyber-physical systems. This book presents the latest studies and research results on all
aspects of security engineering for embedded and cyber-physical systems. It also provides a
premier interdisciplinary reference for researchers, practitioners, and educators to discover
the most recent innovations, trends, concerns, and practical challenges encountered and
solutions adopted in security engineering for embedded and cyber-physical systems.
The book offers comprehensive coverage of the essential topics, including the
following:
• Embedded and cyber-physical systems threats and vulnerabilities
• Security engineering techniques for embedded and cyber-physical systems
• Security engineering for embedded and cyber-physical systems and potential
future-use cases
• Artificial intelligence techniques for cybersecurity and privacy
• Security engineering for Internet of Things
• Blockchain for cybersecurity in embedded and cyber-physical systems
This book comprises a number of state-of-the-art contributions from both scientists and
practitioners working in security engineering for embedded and cyber-physical systems.
It aspires to provide a relevant reference for students, researchers, engineers, and
professionals working in this area or those interested in grasping its diverse facets and
exploring the latest advances and future trends related to security engineering for embedded
and cyber-physical systems.
Security Engineering
for Embedded and
Cyber-Physical Systems
Edited by
Saad Motahhir
Yassine Maleh
First edition published 2023
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
and by CRC Press
4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN
CRC Press is an imprint of Taylor & Francis Group, LLC
© 2023 selection and editorial matter, Saad Motahhir and Yassine Maleh; individual chapters, the
contributors
Reasonable efforts have been made to publish reliable data and information, but the author and publisher
cannot assume responsibility for the validity of all materials or the consequences of their use. The authors
and publishers have attempted to trace the copyright holders of all material reproduced in this publication and
apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright
material has not been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced,
transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter
invented, including photocopying, microfilming, and recording, or in any information storage or retrieval
system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, access www.copyright.com or
contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-
8400. For works that are not available on CCC please contact mpkbookspermissions@tandf.co.uk
Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used
only for identification and explanation without intent to infringe.
ISBN: 978-1-032-23546-2 (hbk)
ISBN: 978-1-032-23547-9 (pbk)
ISBN: 978-1-003-27820-7 (ebk)
DOI: 10.1201/9781003278207
Typeset in Times
by KnowledgeWorks Global Ltd.
Contents
Editors
Preface
Section ONE  Security Engineering for Embedded and Cyber-Physical Systems: Challenges and Applications
1 Algorithms and Security Concern in Blockchain Technology: A Brief Review
Rejwan Bin Sulaiman, Amer Kareem, and Muhammad Umer Farooq
2 IoT-Based Secure Smart Healthcare Solutions
C.M. Naga Sudha, K. Gokulakrishnan, and J. Jesu Vedha Nayahi
3 A Purposed Multilayered Framework for Security and Privacy in Big Data
Danish Bilal Ansari and Muhammad Abdul Khaliq
Section TWO  Blockchain for Security Engineering in Embedded and Cyber-Physical Systems
4 Blockchain and Cyber-Physical System for Security Engineering in the Smart Industry
Javaid Ahmad Malik and Muhammad Saleem
5 Applications of Blockchain Technology and Related Security Threats: A Comparative Study
Amer Kareem and Rejwan Bin Sulaiman
6 Smart Applications of Big Data and Blockchain: Challenges and Solutions
Swathi Lakkineni and Lo’ai Tawalbeh
7 Cybersecurity-Based Blockchain for Cyber-Physical Systems
Yassine Maleh, Ahmed A. Abd El-Latif, and Saad Motahhir
Section THREE  Artificial Intelligence for Security Engineering in Cyber-Physical Systems
8 The Future of Cybersecurity in the Hands of Artificial Intelligence
Lisa Devine and Kevin Curran
9 Cybersecurity-Based Machine Learning for Cyber-Physical Systems
Mustapha Belaissaoui, Youssef Qasmaoui, Soufyane Mounir, and Yassine Maleh
10 Mitigation of Malware Using Artificial Intelligence Techniques: A Literature Review
Farhat Lamia Barsha and Hossain Shahriar
11 AI Techniques in Blockchain Technology for Fraud Detection and Prevention
Yogesh Kumar
Index
Editors
Saad Motahhir, PhD, IEEE Senior Member, has expertise as an embedded system
engineer at Zodiac Aerospace Morocco (2014–2019) and a professor at the National
School of Applied Sciences (ENSA), Sidi Mohamed Ben Abdellah (SMBA) University,
Fez, Morocco since 2019. He earned an engineering degree in embedded system at
ENSA Fez in 2014. He earned a PhD in electrical engineering from SMBA University
in 2018. Dr. Motahhir has published a number of papers in journals and at conferences
in recent years, most of which relate to photovoltaic (PV) solar energy and embedded
systems. He published a number of patents in the Morocco patent office. He has edited
one book and acted as guest editor of different special issues and topical collections. Dr.
Motahhir is a reviewer and on the editorial boards of different journals. He has been
associated with more than 30 international conferences as a program committee/advisory
board/review board member.
Yassine Maleh is a cybersecurity professor and practitioner with industry and academic
experience. He earned a PhD in computer sciences. Since 2019 he has been a professor
of cybersecurity at Sultan Moulay Slimane University, Morocco. He worked for
the National Port Agency (ANP) in Morocco as a Senior Security Analyst from 2012
to 2019. He is the founding chair of IEEE Consultant Network Morocco and founding
president of the African Research Center of Information Technology and Cybersecurity.
He is a senior member of IEEE and a member of the International Association of
Engineers and the Machine Intelligence Research Labs. Dr. Maleh has made contributions
in the fields of information security and privacy, Internet of Things security, and
wireless and constrained networks security. His research interests include information
security and privacy, Internet of Things, network security, information system, and IT
governance. He has published over 120 papers (book chapters, international journals,
conferences/workshops), 20 edited books, and 3 authored books. He is the editor-in-chief
of International Journal of Information Security and Privacy (IJISP) and the
International Journal of Smart Security Technologies (IJSST). He serves as an associate
editor for IEEE Access (2019 Impact Factor 4.098), International Journal of Digital
Crime and Forensics, and International Journal of Information Security and Privacy.
He was also a guest editor of a special issue, “Recent Advances on Cyber Security and
Privacy for Cloud-of-Things,” of International Journal of Digital Crime and Forensics.
He has served and continues to serve on executive and technical program committees
and as a reviewer of numerous international conferences and journals such as Elsevier
Ad Hoc Networks, IEEE Network Magazine, IEEE Sensor Journal, ICT Express, and
Springer Cluster Computing. He was the publicity chair of BCCA 2019 and the general
chair of the MLBDACP 19 symposium and ICI2C’21 Conference.
Preface
Industry 4.0 or IIoT (Industrial Internet of Things) is a discipline that combines
industrial systems, the Internet of Things, the cloud, and data and analytics. In Factory 4.0,
industrial production systems (IoT) are instrumented to feed data about their operation
to the cloud through dedicated communication networks. The data in the cloud is
analyzed and cross-referenced with other external data by intelligent systems to make
production and supply chain optimization decisions. The decisions made are fed back
to the industrial systems to drive the industrial processes automatically and remotely.
Most critical infrastructures such as the power grid, rail or air traffic control,
industrial automation in manufacturing, water/wastewater infrastructure, banking system,
etc., are cyber-physical systems (CPS). Due to the cyber-physical nature of most of these
systems and the increasing use of networks and embedded computing, attack surfaces have
increased. Given that the continued availability of their core functions is critical to
people’s everyday and economic lives, there is widespread concern that they could be
subject to intense cyber-attacks. A number of these cases have occurred over the past
decade. It is therefore essential to defend these systems against cyber threats.
IIoT solutions and industrial systems (IoT) are poorly prepared to operate in a
connected environment that is more exposed to cyberattacks. This makes them potential
targets for hackers and cybercriminals looking for notoriety, industrial secrets, or
financial gain through ransomware and/or data exfiltration. Poorly protected remote
accesses implemented on supervision systems can constitute potential vulnerabilities
and put at risk certain industrial applications for production control and monitoring.
With the introduction of IIoT, the boundary between enterprise information systems
(IT) and industrial systems (IoT) is gradually disappearing and IoT systems no
longer have the perimeter security (air gap) they originally enjoyed. Industrial automation
systems (robots, numerically controlled machines, programmable logic controllers)
are becoming much more interconnected, open and accessible from a company’s management
computer network, or even the Internet. Cyber-attacks targeting management
networks would, therefore, easily spread to IoT systems.
This book presents the state-of-the-art and practices addressing the following
unique challenges in cybersecurity and privacy in embedded and CPS. This book is
ideal for policymakers, industrial engineers, researchers, academics, and professionals
seeking a thorough understanding of security engineering principles for embedded and
cyber-physical systems. They will learn promising solutions to these research problems
and identify unresolved and challenging issues for their research.
SECTION ONE
Security Engineering
for Embedded and
Cyber-Physical Systems
Challenges and Applications
DOI: 10.1201/9781003278207-2
1
Algorithms and
Security Concern
in Blockchain
Technology
A Brief Review
Rejwan Bin Sulaiman, Amer Kareem,
and Muhammad Umer Farooq
School of Computer Science and Technology,
University of Bedfordshire, Luton, UK
Contents
1.1 Introduction
1.2 Security Concern in Blockchain
1.3 Mining in Blockchain
1.4 Innovation of Bitcoin
1.5 Bitcoin
1.6 Background Technologies
1.7 Point-to-Point Network
1.8 Cryptography in Bitcoin
1.9 Challenges Associated with Bitcoins
1.9.1 Twice Spending on Coins
1.9.2 Access to the Network
1.9.3 Anonymous Users
1.9.4 Legal Issues in Bitcoin
1.9.5 Technical Issues in Bitcoin
1.10 The Consensus Algorithm in Blockchain
1.10.1 Proof of Work (PoW)
1.10.2 Delegated Proof of Stake (DPoS)
1.10.3 Practical Byzantine Fault Tolerance (PBFT)
1.10.4 Raft Consensus Algorithm
1.10.4.1 Technology behind blockchain
1.10.4.2 Aspects of blockchain technology
1.11 Exhumation of Blockchain Technology in the Concern of Information Security
1.11.1 Authentication of Identity
1.11.2 Protection of the Infrastructure
1.12 Data Security in Blockchain
1.13 Discussion
1.14 Algorithms
1.15 User Roles in Blockchain Project
1.16 Developer Concepts
1.17 Conclusion
Acknowledgment
References
1.1 INTRODUCTION
The basic concept of blockchain technology is that it uses a distributed database
to record transactions that are entirely open to the participants. The blockchain
system verifies all the transactions that are made, and once a transaction is done,
it keeps track of it and the record cannot be destroyed. The blockchain thus gives
verification to all the transactions and keeps a solid record that cannot be falsified.
In simple words, it is much easier to steal something placed in a specific place than
to steal the same thing placed in front of thousands of people [1].
The blockchain is made up of blocks, each of which contains a record of all the
exchanges made between its users at a given time. These different blocks thus provide
a history of all the transactions since its creation and allow everyone to check the
accuracy of the data exchanged.
The blockchain is a distributed register: it is the users who own and update the
information, without the need for a central authority. This decentralized nature allows it
to be used in many different ways, beyond digital currencies such as Bitcoin, for which it
was invented in 2008. Bitcoin is one of the prominent examples, introducing the world
to a multi-billion market built on anonymous transactions. It doesn’t involve any
centralized control. It is one of the famous cryptocurrencies that has attracted millions
of people to participate, but, on the other hand, there are many controversies [2].
Let’s analyze the current situation of the digital economy. It will be clear that all
vendors providing services rely on trusted sources. In simple words, there is always
a centralized medium for management that gives people the confidence to rely on
these sources for their investment. For example, consider the banking system: in any
banking transaction we make, the bank acts as a third-party agent that plays a
centralized role in confirming that the transaction is processed successfully.
The weakness here is that this third-party agent can itself be vulnerable
to security threats, which creates a risk of the system being hacked.
So, at this point, blockchain technology becomes an important consideration. It is
one of the unique ways of securing all the relevant transactions of all time so that they
can be verified easily. This verification is done while preserving the privacy of the
digital world and of all the participants involved. In other words, the distributed nature
of blockchain technology and anonymity are its unique features [1].
1.2 SECURITY CONCERN IN BLOCKCHAIN
Information security is closely tied to social life and runs through the whole system
of national informatization. The construction of national informatization is the central
point of information security. People have invested vastly in information security due to
security concerns in their social and work lives.
Blockchain can also be a strategic tool for cyber security. Indeed, the current wave
of cyberattacks is becoming increasingly sophisticated, fueled by both sophisticated
mechanisms and a proliferation of devices that offer hackers numerous entry points.
Although solutions are developing in line with the evolution of attacks, they could
nevertheless reach their limits when faced with a certain type of malicious act.
In addition, it is bringing a revolutionary change in information security and
technology. This technology can identify and certify, stay strong against Distributed Denial
of Service (DDoS) attacks, and assure data credibility and integrity to develop
information security technology. Blockchain technology is the base upon which the
foundation of the Bitcoin data structure and the encrypted transmission of transaction
information is constructed [3].
Blockchain technology uses a form of cryptography and provides an open, decentralized
database of every transaction involving value, money, goods, property, work, or
even notes. Cryptography ensures that no one can change the records. It was originally
developed as the accounting method for Bitcoin and is used in many commercial
applications today. The main purpose of the blockchain is to verify the transactions. It is
straightforward to digitize code and insert any document into the blockchain [4].
The blockchain is made up of a vast network of nodes. The computers of the
blockchain network use a different client that executes the transactions, i.e., validating and
relaying transactions. When you join the blockchain network, the node automatically
gets the complete copy of the blockchain. Every node is regarded as the administrator
of the blockchain and every person can participate in this network and get the chance
of winning Bitcoins. Each node in the network updates the record independently [5].
The blockchain is a type of database in the form of an encrypted ledger that the
public can access; a block is the current part of the blockchain, which records the recent
transactions. Once verified, it becomes a permanent part of the growing blockchain. The
people who run the system use computers to hold bundles of records made by others,
known as “blocks”, as a chronological chain. The “block” is the main and important
part of the blockchain, verifying and recording recent transactions. After the completion
of the block, it gets saved in the permanent database of the blockchain. Whenever a
block gets completed, it overrides the previous one. In this way, numbers of blocks are
connected in a blockchain. The blockchain carries a complete set of information about
specific users’ addresses up to the last completed block [5, 6].
Every block contains some information, some about the new block and some about
the last block.
• Data: Each piece of information present in the block depends on the type of
blockchain.
• Hash: The block contains a hash, which you can compare to a fingerprint.
The hash is very useful in detecting and upgrading the block [7]. It is
always unique and it identifies the block. If you make changes inside the
block, it will cause the hash to change.
• Hash of the previous block: This effectively creates blockchains and secures
the blockchain. If the hash of a previous block changes, it will make the
following blocks invalid. The first block is known as the genesis block.
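The three fields listed above can be exercised directly. The following Python sketch is an added example, not code from the book: the JSON block encoding, the all-zero genesis parent and the function names are assumptions made for illustration. It shows that editing one block breaks validation at that block, that recomputing only that block's hash moves the break to the next block, and that a fully rehashed copy is detected only by comparing its last hash with a tip hash the verifier already trusts.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder: the genesis block has no parent


def block_hash(index, data, prev_hash):
    """SHA-256 'fingerprint' over a canonical encoding of the block's fields."""
    payload = json.dumps(
        {"index": index, "data": data, "prev_hash": prev_hash},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Link each record to its predecessor through the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for index, data in enumerate(records):
        digest = block_hash(index, data, prev)
        chain.append({"index": index, "data": data,
                      "prev_hash": prev, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails validation, else None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        if block["index"] != position or block["prev_hash"] != prev:
            return position  # the link to the previous block is broken
        recomputed = block_hash(block["index"], block["data"], block["prev_hash"])
        if recomputed != block["hash"]:
            return position  # the contents no longer match the stored hash
        prev = block["hash"]
    return None


def rehash_from(chain, start):
    """Recompute every hash from `start` onward, as a full rewrite would need."""
    prev = chain[start - 1]["hash"] if start else GENESIS_PREV
    for block in chain[start:]:
        block["prev_hash"] = prev
        block["hash"] = block_hash(block["index"], block["data"], prev)
        prev = block["hash"]


def matches_trusted_tip(chain, trusted_tip_hash):
    """Verifier's check: internally consistent AND ending at the known tip."""
    return (first_invalid_block(chain) is None
            and chain[-1]["hash"] == trusted_tip_hash)


if __name__ == "__main__":
    # Constructed sample records, not real transactions.
    honest = build_chain(["alice pays bob 5", "bob pays carol 2", "carol pays dan 1"])
    tip = honest[-1]["hash"]

    edited = copy.deepcopy(honest)
    edited[1]["data"] = "bob pays carol 200"
    print("after edit, first invalid block:", first_invalid_block(edited))

    edited[1]["hash"] = block_hash(1, edited[1]["data"], edited[1]["prev_hash"])
    print("after fixing that hash only:", first_invalid_block(edited))

    rehash_from(edited, 1)
    print("after full rehash, internally valid:", first_invalid_block(edited) is None)
    print("still matches the trusted tip:", matches_trusted_tip(edited, tip))
```

The last check is why nodes compare chains against each other and why block creation is made costly: the hash links alone make tampering evident only to someone who holds an independent copy of the chain or its tip.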
1.3 MINING IN BLOCKCHAIN
The blockchain is particularly the technological innovation of Bitcoin mining. The
transaction which has been completed gets recorded into the blocks and then automatically
into the blockchain, where first it is verified and then used by other Bitcoin users.
On average, every 10 minutes, a new block is generated in the blockchain using the
mining process. Bitcoin is just the beginning of the blockchain. In the future, blockchain
will manage and verify online data.
The blockchain network lacks the centralized points that computer hackers can easily
exploit. The Internet today has many security issues that are familiar to almost everyone
in this world, as we all rely on a simple “username/password” to protect our identity [8].
For security reasons, blockchain uses encryption technology. You can store your data on
blockchain without any fear. A stock transaction can be settled in a few seconds if it takes
place on a blockchain-based system. It can never get manipulated or hacked because of
the basic structure of blockchain. Once the information has been saved inside a
blockchain, it is very difficult to update the information [7].
The most transformative application of blockchain is the “Smart Contracts”. These
automate the payments and safe currency transfer as negotiated conditions are met.
A company could signal via blockchain that a good has been received, automatically
triggering the payment [8]. The implications of blockchain technology are fascinating.
Many tech companies are adopting blockchain technology to disrupt a variety of
industries. This technique would embed the Bitcoin mining chips into Internet of Things
(IoT) devices and cell phones, according to research. Some established firms, such as
Microsoft Corporation, are also interested in using this technology. Blockchain also
offers a point-to-point (P2P) network that everyone can join. When a user
joins this network, she/he gets a full copy of the blockchain, which the node can use to
verify that everything is in order. When someone creates a new block, that block is sent
to everyone in the network, and each node verifies the block to ensure it has not been
tampered with. Then, every node adds the block to its blockchain [9].
The uses of blockchain technology are endless. You only have to download this
app on your computing device, then you can transact with it without paying a single
transaction fee. Some expect that in less than 10 years, it will be used to collect taxes.
It will make it easy for immigrants to send money back to countries where access to
financial institutions is limited. It could also enable us to launch companies entirely run
by algorithms, making self-driving cars safer. It can also track billions of devices on
the IoT. These innovations will change our lives forever and it’s all just beginning [10].
The blockchain technique can add up to serious cost savings. The blockchain serves as a
financial institution and each block in the blockchain is like an individual bank statement.
1.4 INNOVATION OF BITCOIN
Blockchain technology is the public ledger responsible for keeping all the records from
the very first stage. It makes the transaction information available for record keeping
and verification purposes. The backbone of the blockchain comprises a number of
blocks linked to each other, and every new block is generated and added to the chain
in sequence. For authentication purposes, Bitcoin uses special digital signatures, i.e.,
ECC [11]. And for verification, there are certain vendors in the Bitcoin-linked network
known as miners. These miners are based on specially programmed software that
utilizes computer power to verify the transactions. It uses bandwidth and electric
power, where blockchain comes into action.
A block is generated repeatedly throughout the Bitcoin system with the
help of a miner. This way, replicated copies of all the Bitcoin transactions of the last
10 minutes are generated across the network. So, in this way, the miner utilizes
computer power to ensure an effective transaction between the two parties without any issue.
This is how Bitcoin is different from the normal traditional banking system. The largest
amount of Bitcoin that has ever existed is 21 million. Due to this, all the payments made
are like taking the currency free of limitation. That is how a transmission control
protocol, which is based on “communication”, is different from the blockchain protocol,
which is based on “value exchange”. So, the only way to add more Bitcoin to the
network is to use the process of mining [12].
Nowadays, the world is moving toward using the new version of blockchain
technology, indicating other ways of using this technology, which is not just limited to
transferring money. A number of new protocols have been introduced,
e.g., Multichain or Ethereum, that can be considered for using this technology in
a better way. Most of them are based on the similar concept of a distributed
system, i.e., a ledger, with some better features added, like smart contracts and
many other applications. Work is continuously being done to push the boundaries
of this technology, and many new techniques and applications are being introduced [11, 12].
1.5 BITCOIN
According to the report, there are around 110 types of cryptocurrency. Still, Bitcoin
constitutes about 77% of the total cryptocurrency market due to the highest number of
available active users [12]. It is one of the famous forms of digital currency run over
the entire network. It is a point-to-point system of payment that doesn’t involve
any central medium.
The major backbone of Bitcoin is blockchain technology, and this technology
comprises all the available features for the Bitcoin currency. One Australian businessman
named Satoshi proposed the foundation of Bitcoin back in 2008 [13]. Figure 1.1 shows
the mining process in Bitcoin.
1.6 BACKGROUND TECHNOLOGIES
All the individuals who want to add a block must perform some work. Proof of
work (PoW) requires a significant amount of computational power to produce the
proof; in this way, all the participants in the network can
know that the work was done for generating more blocks in the chain. Therefore, this can
prevent bad users from manipulating the chain, thus ensuring the system’s integrity.
FIGURE 1.1 Bitcoin mining.
Hash-cash is the function used to promise the verification of the system based on
the PoW. It doesn’t involve any kind of central medium, rather it is distributed
effectively. It uses the method of symmetric key cryptography, i.e., SHA-1 or SHA-256 [14].
The major function of the hash value is that it takes data that can be of
any size and transforms that input into a special string in a way that is not
possible to reverse. In case of any changes in the
data received, the hash value changes very randomly. Thus, no one can make the
same hash value with different data blocks. So, every hash matches specific data,
while in the case of Bitcoin, all the input data is more than the SHA-256 hash value [14].
Therefore, Bitcoin doesn’t require any serial number, as the specific hash value
identifies each block. This strategy provides the identification and promises the integrity of
the data. Adopting this kind of strategy allows us to verify the real owner of Bitcoin. It
ensures the distributed database of a number of available transactions, which prevents the
user from wrong spending.
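The cost asymmetry behind proof of work can be seen in a few lines. This Python sketch is an added example, not code from the book: it is a hashcash-style search that counts leading zero bits of a double SHA-256, and the 8-byte nonce layout and the sample header bytes are assumptions, not Bitcoin's real header format or target encoding. Producing the proof takes many hash attempts, while checking it takes one.

```python
import hashlib


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def pow_digest(header: bytes, nonce: int) -> bytes:
    """SHA-256 applied twice over header plus nonce (nonce layout is assumed)."""
    inner = hashlib.sha256(header + nonce.to_bytes(8, "little")).digest()
    return hashlib.sha256(inner).digest()


def mine(header: bytes, difficulty_bits: int, max_tries: int = 1 << 24):
    """Search nonces from 0 upward; return (nonce, attempts) for the first hit."""
    for nonce in range(max_tries):
        if leading_zero_bits(pow_digest(header, nonce)) >= difficulty_bits:
            return nonce, nonce + 1
    raise RuntimeError("no nonce found within max_tries")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """One hash evaluation is enough to check somebody else's work."""
    return leading_zero_bits(pow_digest(header, nonce)) >= difficulty_bits


if __name__ == "__main__":
    header = b"prev=<hash>|tx=alice->bob:5"  # constructed sample, not a real header
    for bits in (8, 12, 16):
        nonce, attempts = mine(header, bits)
        print(f"{bits:2d} zero bits: nonce={nonce} after {attempts} attempts, "
              f"verified={verify(header, nonce, bits)}")
    # Any change to the block data invalidates the proof that was found for it.
    nonce, _ = mine(header, 16)
    print("same nonce, edited data:", verify(header + b"0", nonce, 16))
```

Each extra required zero bit doubles the expected number of attempts, which is how the difficulty is tuned so that redoing the work for past blocks is expensive.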
1.7 POINT-TO-POINT NETWORK
In the Bitcoin framework, there are “nodes” involved in the operation of the whole
system. In the P2P network, all the involved parties have the same opportunity to start the
communication process. In this way, all are involved in the processing of transactions,
keeping the record updated in the system, and ensuring that all nodes in the network get
the information effectively [15].
One special protocol used in the Bitcoin system is known as the Gossip protocol.
The major functionality of this protocol is that it informs about the data to each node
and in return, it receives data as well. By adopting this protocol strategy, data is
disseminated throughout the entire network. Another major consideration about this protocol is
that it follows up with the fault-tolerant mechanism, which means in case of any node
failure in the network the availability of information via multiple places would not get
affected. Other than that, it is worth considering this protocol because it is highly
scalable. It can consider various nodes and adjust itself in the network irrespective of the
changes while performing the configurations in the network [16].
1.8 CRYPTOGRAPHY IN BITCOIN
With public-key cryptography, every coin is linked with the real owner’s public
key, which means that when Bitcoin is sent to anyone, a message is created for
the transaction and, as a result, the public key is attached to all the available Bitcoins
and the private key verifies them. So, when the message is publicly broadcast,
other users know that the owner of the Bitcoin is the same as the owner of the
key. The owner’s signatures are solid evidence that the message produced is
trustworthy. Everyone holds all the previous records of transactions, so this strategy makes it
possible to identify the real owner of the coins at any time [17]. Figure 1.2 shows the
cryptography in blockchain.
To ensure the integrity of the whole blockchain system, every block in the chain
promises the integrity of the last block (previous). And this process continues till the
first block. So, in this way, no one can overwrite any one of the available records. This
process is expensive as it is quite hard to fulfill all the special requirements.
1.9 CHALLENGES ASSOCIATED WITH BITCOINS
The major drawback of Bitcoin is that it doesn’t involve any kind of central medium or
authority for transaction control. Instead, it is public, which brings up certain security
concerns [18]. Considering this scenario, the following are some of the security aspects
that should be considered.
1.9.1 Twice Spending on Coins
This term means that a user shouldn’t be able to use the same coins two times and shouldn’t
be able to use the same coin for another user at once. The blockchain infrastructure
prohibits spending twice: everyone over the Bitcoin network must agree to a transaction
before its confirmation. With this strategy, it can be verified that the user has not
already used the coin and that the user is the actual owner of the coin. This identification
is possible because the blockchain system keeps the record of the whole history of
transactions; therefore, the real ownership of a Bitcoin can be traced easily. So, it can be
concluded that double spending of a coin simultaneously is not practically possible. If
anyone manages to spend two blocks, just one of the transactions will work because of the
design of the algorithm [19, 20].
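The check described above, as an added example that is not taken from the chapter: ownership is rebuilt by replaying the full transaction history, and a candidate block is validated against it so that only one of two conflicting spends is confirmed. The coin ids, names and the `sender` field (which stands in for a verified signature) are assumptions made for illustration.

```python
# Constructed sample data: coin ids, owners and transactions are illustrative.
GENESIS = {"coin-1": "alice", "coin-2": "bob"}


def spend(unspent, tx):
    """Consume the input coin and create a new coin owned by the recipient."""
    del unspent[tx["coin"]]
    unspent[tx["txid"]] = tx["recipient"]


def replay(history, genesis=GENESIS):
    """Rebuild current ownership by replaying every confirmed transaction."""
    unspent = dict(genesis)
    for tx in history:
        spend(unspent, tx)
    return unspent


def check(tx, unspent):
    """Return None if tx may be confirmed, otherwise the reason for rejection."""
    owner = unspent.get(tx["coin"])
    if owner is None:
        return "coin unknown or already spent"
    if owner != tx["sender"]:
        # Assumption: 'sender' stands in for a signature verified with the owner's key.
        return "sender is not the owner"
    return None


def confirm_block(history, block):
    """Validate a candidate block against the full history.

    Transactions are checked in order, so when two of them spend the same
    coin only the first is accepted. Returns (accepted, rejected).
    """
    unspent = replay(history)
    accepted, rejected = [], []
    for tx in block:
        reason = check(tx, unspent)
        if reason:
            rejected.append((tx["txid"], reason))
            continue
        spend(unspent, tx)
        accepted.append(tx)
    return accepted, rejected


def demo():
    history = []
    # Alice tries to pay the same coin to Bob and to Carol in one block.
    block1 = [
        {"txid": "tx-a", "coin": "coin-1", "sender": "alice", "recipient": "bob"},
        {"txid": "tx-b", "coin": "coin-1", "sender": "alice", "recipient": "carol"},
    ]
    ok1, bad1 = confirm_block(history, block1)
    history += ok1
    # Later the spent coin is replayed, and Carol tries to spend Bob's new coin.
    block2 = [
        {"txid": "tx-c", "coin": "coin-1", "sender": "alice", "recipient": "dave"},
        {"txid": "tx-d", "coin": "tx-a", "sender": "carol", "recipient": "carol"},
        {"txid": "tx-e", "coin": "tx-a", "sender": "bob", "recipient": "dave"},
    ]
    ok2, bad2 = confirm_block(history, block2)
    history += ok2
    return bad1, bad2, replay(history)


if __name__ == "__main__":
    for item in demo():
        print(item)
```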
FIGURE 1.2 Cryptography in blockchain.
1.9.2 Access to the Network
It is difficult to control the whole network through computational power. Anyone who managed
to gain access to most of the network would be able to do anything he/she intended, which
may cause the entire network to fail. This can be avoided by adopting the PoW technique,
which assures that no one can alter Bitcoin as a whole network through computational power.
This could be done if many people formed a big pool, but this has never happened yet.
The algorithm used in the block hash is made so that each block contains the hash value of
the previous block of the chain. The block configurations are shown in Figure 1.3.
If someone wants to alter the data in a transaction, they have to redo the PoW for that
specific block and then for all the interconnected blocks, which takes computational power:
they must create the PoW of all the previous blocks and, in the same way, create a similar
one for the newly generated blocks that are being added to the ledger at the same time. The
only case in which success is probable is when they control more than 51% of the total
computational power [21].
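The hash linking and PoW cost described above, as an added example that is not taken from the chapter: a toy chain in which each block stores the previous block's hash, a validator that reports the first broken block, and a tamper test showing that redoing the PoW of the altered block alone is not enough. The 12-bit difficulty, the header layout and the sample payloads are assumptions chosen so the example runs quickly.

```python
import hashlib
import json

DIFFICULTY_BITS = 12      # assumed toy difficulty; Bitcoin's real target is far harder
GENESIS_PREV = "0" * 64   # the genesis block has no predecessor


def block_hash(index, prev_hash, data, nonce):
    """SHA-256 over the header fields, serialized deterministically."""
    header = json.dumps([index, prev_hash, data, nonce], separators=(",", ":"))
    return hashlib.sha256(header.encode()).hexdigest()


def meets_target(hex_digest, bits=DIFFICULTY_BITS):
    """True when the digest has at least `bits` leading zero bits."""
    return int(hex_digest, 16) >> (256 - bits) == 0


def mine(index, prev_hash, data):
    """Try nonces until the header hash meets the target (the proof of work)."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, data, nonce)
        if meets_target(digest):
            return {"index": index, "prev_hash": prev_hash, "data": data,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(payloads):
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(payloads):
        chain.append(mine(i, prev, data))
        prev = chain[-1]["hash"]
    return chain


def first_invalid(chain):
    """Return the position of the first block that fails validation, or -1."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block_hash(i, block["prev_hash"], block["data"], block["nonce"])
        if (block["prev_hash"] != prev          # link to the previous block broken
                or digest != block["hash"]      # contents changed after mining
                or not meets_target(digest)):   # no valid proof of work
            return i
        prev = block["hash"]
    return -1


def remine_from(chain, start):
    """Redo the PoW for block `start` and every later block; return hashes tried."""
    attempts = 0
    prev = chain[start - 1]["hash"] if start else GENESIS_PREV
    for i in range(start, len(chain)):
        chain[i] = mine(i, prev, chain[i]["data"])
        attempts += chain[i]["nonce"] + 1
        prev = chain[i]["hash"]
    return attempts


def demo():
    # Constructed sample payloads, one string per block.
    chain = build_chain(["genesis", "alice->bob:5", "bob->carol:2", "carol->dave:1"])
    result = {"honest": first_invalid(chain)}

    chain[1]["data"] = "alice->mallory:5"            # alter a confirmed transaction
    result["tampered"] = first_invalid(chain)

    chain[1] = mine(1, chain[0]["hash"], chain[1]["data"])   # redo only that block
    result["block_1_remined_only"] = first_invalid(chain)

    result["attempts"] = remine_from(chain, 1)       # redo it and every later block
    result["all_later_blocks_remined"] = first_invalid(chain)
    return result


if __name__ == "__main__":
    print(demo())
```

While the rewrite is being recomputed, honest nodes keep extending the original chain, which is why the page ties success to holding the majority of the computational power.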
In usual circumstances, no one has the authority to access private key information. Still,
with higher computational power, changing a transaction can alternatively become possible.
Along with this, higher computational power also makes it possible to create a large amount
of cryptocurrency through the process of mining.
FIGURE 1.3 Block configurations.
1.9.3 Anonymous Users
One of the vital considerations in Bitcoin technology is that the anonymity of all the
participants is promised. Although Bitcoin functions publicly, keeping the user identity
confidential and private is necessary. Therefore, it becomes difficult, rather than
impossible, for anyone to explore the relationship between a certain key and the person
behind the key. This is achieved to a certain level by using the public key as the address.
1.9.4 Legal Issues in Bitcoin
The basic system of blockchain technology in Bitcoin is that there is no central system of
management; therefore, the whole system will only stop working if the overall network is
shut down, which is practically not possible. Following are some of the legal considerations
in the Bitcoin network:
• Practically, all the legal enforcement parties, including the government, have failed to
control the Bitcoin networking system. The transactions and activities performed over the
Bitcoin network cannot be traced under normal circumstances. This has promoted some illegal
things over this network. This can be understood by considering the example of buying drugs,
which can probably not be bought via normal credit or debit cards, etc., but here
cryptocurrency is the solution that can be used due to its feature of untraceability [22].
So, these kinds of issues made it impossible to use this platform under the legal boundary.
• There are certainly other legal concerns about the Bitcoin platform which are very
confusing; for example, whether Bitcoin is treated as money or property, and whether the
owner of the Bitcoins is liable to pay tax and, if “yes,” in what ways this can be
implemented, as there is no central controlling mechanism in Bitcoin [23].
• Another strange thing about Bitcoin is that its value or price changes frequently and in a
wild way, and this trend is possible because of a limited number of participants and
transactions, and also because of social media. No government of any country, nor a number
of banks, would like to base their economy where there is no centrally controlled structure.
1.9.5 Technical Issues in Bitcoin
Apart from legal and security concerns in the Bitcoin technology, there are a number of
technological issues in the Bitcoin network. Following are some of the issues based on
Bitcoin technology:
• One of the significant challenges in the operation of a Bitcoin network is the power
consumed by the PoW feature in Bitcoin, which requires a significant amount of computational
power for transaction verification. Therefore, it isn’t worth wasting this much power on a
small task.
• A total of 21 million coins is the number of Bitcoins that can possibly be achieved and,
according to forecasting, this will take place by 2140 [23]. Afterward, there won’t be any
mining payment, and in this situation the fee that is charged during the transaction will
be the sole means of paying miners for mining blocks. So, in this scenario, the Bitcoin
system will be useless when the transaction payment is the same as in other centralized
systems.
• In terms of safety, Bitcoin’s overall network is quite safe and secure; however, if anyone
or maybe some group gets control over the major computation power, this might cause the
overall system to come down. However, this condition is quite impossible to achieve, as
mentioned before.
• Another major technical concern about the Bitcoin network is that if someone commits a
mistake, which might be unconscious, there is no way to get that fixed. In one way, this is
an advantage, as it enhances the network’s security: no one will be able to perform any
alterations or changes. However, on the other hand, this can create a problem when something
is done just by human error.
• Many concerns are causing privacy issues in the Bitcoin infrastructure, including removing
sensitive personal data from the Bitcoin system. Considering the other blockchain
technologies, there are a number of situations where the data of the users is kept at a
certain time. Still, when there are alterations in the circumstances, this personal data is
not kept the same way as before. This can be easily understood by considering the following
example: the United States has recently published a law that states that the name of the
company’s CEO and date of birth must not be published on the company’s website. However,
other information like license holder, etc., can also be changed similarly. All this data is
under the control of the government. However, blockchain technology gives people the best
chance to get together and make their data-sets throughout the end-to-end network without
the involvement of any central medium [24].
1.10 THE CONSENSUS ALGORITHM IN BLOCKCHAIN
A consensus algorithm is a process in computer science used to achieve agreement among
distributed processes or systems. There are various consensus algorithms, such as Paxos (on
which Google based its distributed lock service, Chubby), PoW, etc. Two of the general
problems in blockchain technology that need to be solved are the double-spending problem and
the Byzantine Generals’ Problem [25].
Double-spending is an error in a digital cash scheme in which the same digital token is
spent twice or more. This is possible because a digital token consists of a digital file
that can be duplicated or falsified. The prevention of double-spending has taken two general
forms: centralized and decentralized. Prevention is usually implemented using an online
central trusted third party that verifies whether a token has been spent. This normally
represents a single point of failure from both the availability and the trust points of view.
The second problem is the Byzantine Generals’ Problem. We all know that blockchain is a
decentralized network. There is no central authority in a decentralized network, and one
node does not trust any other nodes. The question is how all the nodes can agree on the
correct state of shared data. This is known as the Byzantine Generals’ Problem. The problem
is described as a group of generals of the Byzantine army camped with their troops
surrounding an enemy city. The generals must agree upon a common battle plan and they can
only communicate with each other using messengers. However, one or more of the generals may
be traitors who will try to confuse the others. The problem is to find an algorithm that
ensures the loyal generals will reach an agreement on the battle plan regardless of what the
traitors do [25]. Table 1.1 shows a comparison of the five consensus algorithms.
The characteristics of the consensus algorithms are discussed in the subsections below.
1.10.1 Proof of Work (PoW)
A PoW is a piece of data that is very difficult to produce and that satisfies certain basic
requirements. Generating a PoW is a random process with low probability and low efficiency,
so a large number of trials and errors is required before a valid PoW is produced. This
mechanism can reach a consensus between many nodes on a network and secure the Bitcoin
blockchain. In the PoW algorithm, all nodes work to solve a cryptographic puzzle. This
puzzle is attempted by all the miners, and the first one to solve it gets the miner reward.
PoW gives more rewards to people with better equipment. The higher your hash rate is, the
higher is your chance of creating the next block and getting the miner reward. To increase
their chances any further, miners can come together and form a mining pool; they combine
their hashing power and distribute the rewards evenly across everyone in the pool. One of
the disadvantages of PoW is that it uses a large amount of electricity. With PoW, rich
people are more likely to enjoy the power of economies of scale [26]. Figure 1.4 shows the
Practical Byzantine Fault Tolerance (PBFT) consensus mechanism.

TABLE 1.1 Comparison of the five consensus algorithms

CHARACTERISTICS             CONSENSUS ALGORITHMS
                            POW      POS      DPOS     PBFT     RAFT
Byzantine fault tolerance   50%      50%      50%      33%
Crash fault tolerance       50%      50%      50%      33%      50%
Verification speed          100s     100s     100s     10s      10s
Throughput (TPS)            100      1000     1000     2000     10k
Scalability                 Strong   Strong   Strong   Weak     Weak

Proof of stake forces miners to have a stake in the Bitcoin network. Proof of stake does not
have miners but instead validators. It does not allow people to mine new blocks but instead
to mint or forge blocks. To become a validator, a node must deposit a certain amount of
coins into the network as a stake. The size of the stake determines the chances of the
validator being chosen to forge the next block. The validator chosen to validate the next
block checks whether the transactions in the block are correctly made and, if everything
checks out, the node signs off the block and adds it to the blockchain. As a reward, the
node receives the fees associated with the transactions in this block. If the node no longer
remains a validator, his/her stake, as well as all of the transaction fees he/she has
received, will be released after a certain period. Proof of stake is environmentally
friendly compared to PoW because it does not utilize a large amount of electricity [26].
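The validator life cycle described above (deposit, stake-weighted selection, fee reward, delayed release), as an added example that is not taken from the chapter. Deriving the draw from SHA-256 over the previous block hash and height, the 10-block lock period, and all names and amounts are assumptions made for illustration; deployed PoS systems use more elaborate randomness.

```python
import hashlib


def select_validator(stakes, seed):
    """Pick a validator with probability proportional to its deposited stake.

    Every node computes the same draw from the same seed, so all nodes agree
    on who forges the next block without trusting a coordinator.
    """
    total = sum(stakes.values())
    if total <= 0:
        raise ValueError("no stake deposited")
    draw = int.from_bytes(hashlib.sha256(seed).digest(), "big") % total
    for name in sorted(stakes):        # fixed order so every node agrees
        draw -= stakes[name]
        if draw < 0:
            return name


class StakePool:
    UNBONDING_BLOCKS = 10  # assumed lock period; the page only says "a certain period"

    def __init__(self):
        self.stakes = {}     # validator -> coins deposited as stake
        self.fees = {}       # validator -> transaction fees earned so far
        self.unlock_at = {}  # exiting validator -> height at which funds unlock

    def deposit(self, name, coins):
        if coins <= 0:
            raise ValueError("stake must be positive")
        self.stakes[name] = self.stakes.get(name, 0) + coins
        self.fees.setdefault(name, 0)

    def request_exit(self, name, height):
        """Stop validating now; funds stay locked for UNBONDING_BLOCKS."""
        self.unlock_at[name] = height + self.UNBONDING_BLOCKS

    def forge(self, height, prev_hash, tx_fees):
        """Choose the validator for this height and credit the block's fees."""
        active = {n: s for n, s in self.stakes.items() if n not in self.unlock_at}
        seed = prev_hash + height.to_bytes(8, "big")
        validator = select_validator(active, seed)
        self.fees[validator] += tx_fees
        block_hash = hashlib.sha256(seed + validator.encode()).digest()
        return validator, block_hash

    def withdraw(self, name, height):
        """Release stake plus earned fees once the lock period has passed."""
        if name not in self.unlock_at or height < self.unlock_at[name]:
            raise ValueError("stake is still locked")
        del self.unlock_at[name]
        return self.stakes.pop(name) + self.fees.pop(name)


def simulate(blocks=5000):
    """Forge `blocks` blocks with constructed stakes of 60, 30 and 10 coins."""
    pool = StakePool()
    for name, coins in (("alice", 60), ("bob", 30), ("carol", 10)):
        pool.deposit(name, coins)
    wins = {"alice": 0, "bob": 0, "carol": 0}
    prev = b"\x00" * 32
    for height in range(blocks):
        validator, prev = pool.forge(height, prev, tx_fees=1)
        wins[validator] += 1
    return pool, wins


if __name__ == "__main__":
    print(simulate()[1])
```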
1.10.2 Delegated Proof of Stake (DPoS)
DPoS users use a reputation system and real-time voting to create a panel of a limited
number of trusted parties, which are called witnesses. Witnesses have the right to create
blocks and add them to the blockchain. You can consider this a representative democracy in
which citizens elect officials to represent them while making decisions. In the model,
people’s voting strength depends on how many tokens they hold. This means that people with
more tokens will influence the network more than people with very few tokens. The voting for
the witnesses is a continuous process. Therefore, the witnesses must carry out their
functions to a high standard or lose their position. DPoS is a decentralized consensus
model with a high transaction rate and low energy use [26].
1.10.3 Practical Byzantine Fault Tolerance (PBFT)
PBFT was a breakthrough in distributed computing that came out in 1999. It is a replication
algorithm that can tolerate Byzantine faults and achieve variable consensus in a distributed
computing network. It is a multi-stage verification process where, at the beginning, the
verification is done by a selected number of nodes. As it progresses through the
verification process, it needs more and more confirmation. It is used in many distributed
networks such as Ripple, Stellar, and Hyperledger.
FIGURE 1.4 Steps of PBFT.
1.10.4 Raft Consensus Algorithm
Raft is a consensus algorithm comparable to Paxos in fault tolerance and performance. The
main function of Raft is that all nodes in a group agree on the same transitions. In Raft,
one member of the group is selected to act as the leader. The leader’s job is to accept the
requests made by the clients and then manage the replication of the log to the other
servers. The data flows in one direction, from the leader to the other servers [26].
Figure 1.5 shows the RAFT consensus algorithm.
1.10.4.1 Technology behind blockchain
This is a basic problem that Leslie Lamport formulated concerning proper communication
between peers [27]. The technology originated from a mathematical problem known as Byzantine
failures. The point of the Byzantine question is to achieve consistency of messages sent
over an information channel. Hence, the assumption is that the channel is always reliable
for communication.
Blockchain technology is also known as distributed ledger technology, and it is the
underlying technology that supports the operation of Bitcoin. The name “Bitcoin” first
appeared in “Bitcoin: A Peer-to-Peer Electronic Cash System,” an essay written by Satoshi
Nakamoto and published in the Bitcoin Forum [28]. Blockchain technology is an amalgamation
of numerous technologies. The technologies are integrated to maintain a reliable and unique
database. This is a database technology that is distributed through the Internet. Storage
is being done in a centralized data center. In blockchain technology, any person in this
system can work in the data center. This technology can be integrated, continuous, and
consistent through the password verification of asymmetric mechanisms.
FIGURE 1.5 RAFT consensus algorithm.
1.10.4.2 Aspects of blockchain technology
Blockchain technology is one of the evolutionary technologies on the Internet. The core of
blockchain consists of a block-based data structure, a decentralized open-source
architecture, and an asymmetric cryptographic mechanism [29].
The blockchain is a distributed database technology that is entirely different from the
traditional database structure. This technology is equipped with the innovative block as an
important data component. Data information is kept in data records, and the file that keeps
and stores the data is known as a block.
Nakamoto created a genesis block, and every single block is responsible for recording the
value at the time of its creation. The structure of the block includes a block header, and
that header creates a link with the previous block.
The genesis block, as well as the block structure, is given in Figure 1.6.
The block’s structure therefore has two distinctive characteristics. First, the data
information inside the block is a record of the exchange activity, while the link to the
previous block that was created completes the whole block to ensure the integrity of the
blockchain database. Next, when a block is created and linked to the end of the blockchain,
the block data is ready to provide assurance of the consistency of that blockchain database.
The block acts like a node based upon the value exchange agreement to create a blockchain.
Before the latest block is generated from the prior block, the index must be known. That is
why each block needs to be linked with the prior block. Hence, it can be said that the index
of the prior block creates the head of the following block, the data information creates the
data block, and the timestamp is fixed to the end [29].
“The magic of blockchain data structure: a block (complete history) + chain (full
authentication) = a timestamp, which is the maximum innovation of the blockchain
technology” [30]. A blockchain database can store complete data information, from the
genesis block to the last block in the structure. All data, as well as messages, can be
traced and validated.
Blockchain technology differs from many technologies in that it does not record and store
data in a centralized data center, but in different nodes that are bound to work together.
To begin with, blockchain technology is constructed with different sets of protocol
mechanisms. Different nodes are used to do different tasks: one maintains the data
information for its own node, whereas another is responsible for verifying other nodes.
The block data information depends on whether almost all the nodes in the network consider
the information correct. Later, the results are compared and the authenticity is
considered. In this technology, all data are regularly and spontaneously updated. In
addition, they are stored in the different nodes of the network that participate while the
recording is going on. Though some of the nodes might be tampered with or damaged, this
would not impact the recording of the database. The network system stands purely upon the
principle of volunteering. It also tries to establish a spread-out network system in which
all persons are accessible to each other, so that the total networking system is
decentralized as well. Data information is validated as well as disseminated throughout the
distribution network. In blockchain technology, different types of transactions need to be
distributed in the distribution structure. With the P2P protocol, messages are delivered
from a single node to the different nodes in the whole network. This is a fully
decentralized architecture that is updated in real time in a single network node to ensure
the security of the blockchain database [31].
FIGURE 1.6 Genesis block and block structure.
The distributed accounting, storage, and dissemination of the blockchain mean that no single
organization can have absolute control over it. The procedures for storing data,
transmitting information, and verifying transactions are kept decentralized.
Blockchain technology can validate the ownership of information purely on the basis of
asymmetric encryption algorithms. Two distinct keys are required to encrypt and decrypt: a
public key and a private key. The public key is used to encrypt on the blockchain and
remains open to anyone in the entire network. Anyone can use their public key to encrypt
data. On the contrary, the private key can be owned only by the information owner. Once
information is encrypted, the private key can decrypt it, which ensures the security and
privacy of the data. Some common encryption algorithms are RSA, ElGamal, D-H, ECC, and many
more. In a blockchain transaction, the public key is responsible for encrypting the
transaction, whereas the private key is responsible for decrypting it to utilize the value
of the original data [32].
In a decentralized environment, all blockchain agreements must be made in advance, with the
script treated as a programmable smart contract. This technology utilizes scripts, which in
return ensure flexibility, practicability, and adaptability. A script is a file that is
executable in some format. It can also provide a list of instructions for handling the
value in each exchange.
1.11 EXHUMATION OF BLOCKCHAIN TECHNOLOGY IN THE CONCERN OF INFORMATION SECURITY
1.11.1 Authentication of Identity
The authentication process is a system that examines the identity of the users. It gives a
mechanism for confirming the identity of the users [32]. The purpose of the technology is
to protect the users who are legitimate.
Authentication technology is regarded as the pillar of security mechanisms such as access
control, intrusion detection, and security audit, which are important components of
information security. Authentication technology includes password-based authentication
technology, smart card-based authentication technology, and PKI-based authentication
technology. In addition, authentication technology based on different biological
characteristics of humans has been introduced [33]. Traditional authentication technology
has adopted a centralized authentication method. The Certificate Authority (CA) is
responsible for executing the authentication technology, realizing the functions of issuing,
revoking, updating, and verifying certificates. Nowadays, web-based application systems
like email, portal, and messaging applications stand purely upon the CA mode. On the other
hand, this is a big risk, since crackers can crack the CA center to crack the encrypted
information.
Identity authentication can instead be based purely on blockchain technology. It has the
characteristics of decentralized authentication and does not expose a CA to threats. In
addition, releasing a blockchain key can surely disrupt any action of a fake secret key.
Certcoin, a project from MIT, is one of the best examples of implementing PKI upon
blockchain technology. Certcoin removes the centralized CA and replaces it with a
distributed ledger by utilizing the blockchain. Moreover, Pomcor has already marketed an
implementation of PKI based on the blockchain.
The approach permits users to authenticate certificates via decentralized and transparent
sources. The IOTA project leverages Tangle, a lightweight, blockless, and scalable ledger,
which acts as the standing pillar of the IoT [34].
1.11.2 Protection of the Infrastructure
A DDoS attack uses multiple computers as an attack platform with the assistance of
Client/Server (C/S) technology [35].
Denial of Service (DoS) targets the availability of the three components related to the
security of information: usability, confidentiality, and integrity. The attack mode uses a
defect in the system network to consume its resources, so that the target is unable to give
the expected service to users.
The basic type of DoS attack uses service requests to consume huge resources, so that
legitimate users might not receive a prompt response from the service [34]. The attack
might target memory, CPU, and bandwidth where the performance indicator is relatively low.
A DoS attack is made on a one-to-one basis. Since network and computer technology are
developing day by day, DoS attacks are less likely to occur. The reason behind that is the
increasing power of computer processors and increased memory and bandwidth.
1.12 DATA SECURITY IN BLOCKCHAIN
Data is built on the exact foundation of the application system. In cryptography, the
digital signature creates a new set of information, embedded into the data file, that
depicts the integrity of the data and the identity of the signer [36]. The user is
responsible for confirming the signature by using the public key of the signer to
authenticate the information.
Generally, a private key is used because of the digital signature technique for the
recipients. A problem is that the private key needs to be verified to see that it has not
been fabricated or tampered with. As blockchain technology is developing, using this
technology to replace the data signature can help to replace classified information with
total transparency. That can increase the cost of tampering with data; hence, it is
impossible to alter data without being noticed [36].
1.13 DISCUSSION
Blockchain is one of the leading and emerging technologies of the 21st century. The overall
theory of blockchain technology has given us insight into this decentralized technology. A
number of previous literature reviews have helped us identify possible improvements and
concerns that can be considered in the future. Undoubtedly, Bitcoin technology has been
researched and investigated on a broad scale. This has allowed further study of this
technology from a future perspective while considering the number of blockchain
applications.
According to researchers and investigators, this technology has a number of characteristics
that bring many advantages and make it well suited for use in the financial sector.
Blockchain technology has already been implemented on a larger scale in cryptography and
other information technology sectors. However, there are still limitations to implementing
this technology on a large scale in this era of the modern world. The experts are still
hopeful that blockchain technology will contribute in the future due to the immense
advancements and development in the Internet industry.
Blockchain technology uses cryptography to make a system more secure and transparent. This
technology was designed for digital currencies such as Bitcoin and Ripple. We can send this
digital money to anyone. It doesn’t have any physical worth. It stores information or data
over the network to make it a centralized or distributed system so that anyone can access
it. There are a number of blocks in blockchain technology that contain all data. It provides
an open, decentralized database for money, goods, or work transactions. Blockchain has a
vast network of nodes and, for the execution of transactions, it uses different clients and
operations such as relaying and validating. The blockchain is one of the emerging
technologies of this century, and many researchers and investigators are putting their
efforts into getting the best possible deal out of it. Its tremendous advantages and useful
implications in a number of different areas can never be ignored.
1.14 ALGORITHMS
Blockchain technology uses different consensus algorithms. A consensus algorithm is a
technique or process in the computer field for reaching agreement among distributed systems.
Different consensus algorithms are used to achieve this, e.g., Paxos, Chubby (a
Google-implemented distributed service), and PoW. The PoW algorithm is used in blockchain
technology to secure the Bitcoin blockchain, and it can be used to get consensus between
different nodes. There are some other methods and algorithms used in blockchain technology
for getting a good result: Proof of Stake, DPoS, and PBFT. The Proof of Stake method is used
to mine transactions according to the coins you hold. It means that you have more power in
mining if you have more coins. We can say that the Proof of Stake method works in direct
proportion to your coins. Peercoin was the first coin that used the Proof of Stake method.
The DPoS method is used to solve the scalability issues that users faced in the blockchain.
EOS, BitShares, and Steem used this method. DPoS has also sped up transactions and the
creation of blocks. Byzantine Fault Tolerance describes a system that tolerates the class of
failures arising from the Byzantine Generals’ Problem. The most difficult class of failure
modes is a Byzantine failure, because a node can generate any garbage value during
transactions, which is very difficult to handle.
1.15 USER ROLES IN BLOCKCHAIN PROJECT
There are three different types of user roles in a blockchain project: Application
Developer, Solution Administrator, and Business Network Participant. The Application
Developer develops the application that interacts with the ledger, models the business
network, and implements the script files that define transaction behavior. The Solution
Administrator provides the target environment, deploys the business application, and
manages the blockchain.
The Business Network Participant runs an end-user application that invokes transactions and
is aware of business concepts such as assets, participants, and transactions, but may not be
aware of the blockchain underpinning.
1.16 DEVELOPER CONCEPTS
The application concept provides the user’s front-end and may require different
applications per participant. It interacts with the registries that persist on the
blockchain to add, delete, update, and query, and it connects to the blockchain via
JavaScript client libraries (SDK) or REST. The model concept provides a domain-specific
language (.CTO) that defines the type structure of assets, participants, and
transactions.
Moreover, it aims to match how we talk about business networks in the real world.
The script concept provides the implementation of transaction processor logic specified
in JavaScript. It is designed for any reasonable JavaScript developer to pick up easily.
In terms of security, blockchain technology has a number of vulnerabilities, which must
be considered. Although this technology is decentralized and independent of government
agencies, it still depends on the Internet platform for accessing resources such as
databases and other authentication systems. While the very strong cryptography of
blockchain technology has given people great confidence, the whole process of performing
transactions is unchangeable: once a transaction is made, it is not possible to reverse
it.
Another major consideration about the blockchain infrastructure, which also includes
the Bitcoin system, is that the system is highly available because the blockchain
system is decentralized. It does not rely on any centralized server, which makes it
resistant to DDoS attacks. Therefore, this technology is highly acceptable to people.
1.17 CONCLUSION
This technology can offer a new perspective on trading technologies, such as password
security, decentralized coherence, sharing of public accounts, and visibility of control
as well as permissions. It can surely create a new society through the exchange of
different tangible or intangible assets. Due to its security features, its acceptance
among people is improving each day, and it is boosting users’ confidence to get
involved.
In the past, Bitcoin technology used to be considered the only innovation in the
Bitcoin platform; in the current era, however, it can be seen very clearly that
blockchain technology is expanding its horizon toward many other sectors, bringing
innovation to many areas. This technology has shown a great transformation of
conventional industry into a much better technological platform with security,
persistence, and accuracy features. Decentralization and anonymity also remain the best
features of this technology.
Currently, blockchain technologies are booming at an exponential rate, and research and
investigation are still being carried out to ensure people's maximum confidence in this
technology. Its applications are expanding in various areas of IT, which typically
include the IoT sector and other financial and trading sectors. Despite some challenges
and issues related to the blockchain network, its ultimate advantages can never be
ignored. The world is seen to be moving toward this technology to get more optimal
solutions. Researchers are putting more effort into making this platform more organized
and secure so that any kind of illegal activity can be prevented.
ACKNOWLEDGMENT
This research chapter results from our mutual collaboration of participating actively in
all the tasks. We would really like to thank our lecturers, who remained the guiding star
for us, for their outstanding guidance and concern throughout our work. Without their
engagement and personal interest, this wouldn’t have been possible.
We are also very grateful to the rest of the university staff members, who have given
us an environment and space where we can get access to modern learning resources,
whether it is a library or the virtual platform of the University of Bedfordshire,
Luton, UK. We would also like to thank the rest of our classmates, who have guided us
when we have required any help in anything.
REFERENCES
1. “Beyond bitcoin: emerging applications for blockchain technology”, NIST, 2018 [Online].
Available: https://www.nist.gov/speech-testimony/beyond-bitcoin-emerging-applications-
blockchain-technology. [Accessed: 05 July 2018].
2. E. Zukerman, “Bitcoin reviewed: clever, controversial financial/social experiment”,
PCWorld, 2018 [Online]. Available: https://www.pcworld.com/article/230594/Bitcoin.
html. [Accessed: 02 Jul 2018].
3. Yuan Yong and Wang Fei-Yue, “Blockchain: the state of the art and future trends”, Acta
Automatica Sinica, J. 2016, 42(4): 481–494.
4. S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system”, Consulted. 2009. https://
bitcoin. org/en/bitcoin-paper
5. K. Biswas and V. Muthukkumarasamy, “Securing smart cities using blockchain tech-
nology”, in 18th IEEE International Conference on High Performance Computing and
Communications, 14th IEEE International Conference on Smart City and 2nd IEEE
International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016,
December 12–14, 2016, pp. 1392–1393.
6. P. T. S. Liu, “Medical record system using blockchain, big data and tokenization”, in 18th
International Conference on Information and Communications Security, ICICS 2016,
November 29–December 2, 2016, pp. 254–261.
7. Y. Xiao, H. Wang, D. Jin, M. Li, and J. Wei, “Healthcare data gateways: found healthcare
intelligence on blockchain with novel privacy risk control”, Journal of Medical Systems.
2016, 40: 218.
8. D. Kraft, “Difficulty control for blockchain-based consensus systems”, Peer-to-Peer
Networking and Applications. 2016, 9: 397–413.
9. M. Vukoli, “The quest for scalable blockchain fabric: proof-of-work vs. BFT replication”,
in IFIP WG 11.4 International Workshop on Open Problems in Network Security, iNetSec
2015, October 29, 2015–October 29, 2015, 2016, pp. 112–125.
10. F. Idelberger, G. Governatori, R. Riveret, and G. Sartor, Evaluation of logic-based smart
contracts for blockchain systems, Springer, Cham, Switzerland, 2016, pp. 167–183.
11. L. Lamport, R. Shostak, and M. Pease, “The Byzantine Generals’ Problem”, ACM
Transactions on Programming Languages  Systems. 1982, 4: 382–401.
12. A. Back, “Hashcash – a denial of service counter-measure”, in USENIX Technical
Conference, 2002.
13. S. King and S. Nadal, “PPCoin: peer-to-peer crypto-currency with proof-of-stake”, 2012.
14. Nxtwiki, “Whitepaper:Nxt”, 2015.
15. P. Vasin, “BlackCoin’s Proof-of-Stake Protocol v2”.
16. https://bitshares.org/
17. https://bitshares.org/technology/delegated-proof-of-stake-consensus/
18. M. Castro and B. Liskov, “Practical Byzantine Fault Tolerance”, in Symposium on
Operating Systems Design and Implementation, 1999, pp. 173–186.
24 Security Engineering for Embedded and Cyber-Physical Systems
19. L. Lamport, “The part-time parliament”, Acm Transactions on Computer Systems. 1998,
16: 133–169.
20. L. Lamport, “Paxos made simple”, Acm Sigact News. 2001, 32, 51–58.
21. D. Ongaro and J. Ousterhout, “In search of an understandable consensus algorithm”, Draft
of October 2013.
22. Brennon Slattery, “U.S. Senators want to shut down bitcoins, currency of Internet drug
trade”, Jun 2011. Available: http://www.pcworld.com/article/230084/
23. Jonathan Todd Barker, “Why is bitcoin’s value so volatile?”, May 2014. Available: http://
www.investopedia.com/articles/investing/052014/whybitcoins-value-so-volatile.asp
24. Jeni Tennison, “What is the impact of blockchains on privacy?”, Nov 2012. Available:
https://theodi.org/blog/impact-of-blockchains-on-privacy
25. N. M. Hamza, R. A. Sarker, D. Essam, K. Deb, and S. M. Elsayed, “A constraint con-
sensus memetic algorithm for solving constrained optimization problems”, Engineering
Optimization. 2014, 46(11): 1447–1464.
26. J. Zhang, V. S. Sheng, Q. Li, J. Wu, and X. Wu, “Consensus algorithms for biased labeling
in crowdsourcing”, Information Sciences. 2017, 382: 254–273.
27. Yuan Yong and Wang Fei-Yue, “Blockchain: the state of the art and future trends”, Acta
Automatica Sinica, J. 2016, 42(4): 481–494.
28. Mei Haitao and Liu Jie, “Industry present situation, existing problems and strategy sugges-
tion of blockchain”, Journal of Telecommunications Science. 2016, 32(11): 134–138.
29. S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system”, Journal of Consulted. 2008.
https://bitcoin. org/en/bitcoin-paper
30. Melanie Swan and Xiao Feng, Blockchain: New Economy Blueprint and Guide, M. New
Star Press, USA. 2016: 1–4.
31. Lin Xiaochi and Hu Yeqianwen, “A summary of blockchain technology”, Journal of
Financial Market Research. 2016, 4(2): 97–109.
32. Liang Liu, Information security technology research in B2B e-commerce application sys-
tem, D. North China University of Technology, China, 2013.
33. Kong Gongsheng, “Advances on secure authentication and trusted admission protocols for
cloud computing”, Journal of Henan University. 2017.
34. Zhang Yi-fan and Dong Xiao-ju, “Visualization analysis and design of DDoS attack”,
Chinese Journal of Network and Information Security. 2017, 3(2): 53–65.
35. Li Yang, Xin Yonghui, Han Yanni, Li Weiyuan, and Xu Zhen, “A survey of DoS attack in
content centric networking”, Journal of Cyber Security. 2017, 2(1): 91–108.
36. Lu Rongbo, Analysis and design of proxy signatures and group signatures, Southwest
Jiaotong University, China, 2006.
25
DOI: 10.1201/9781003278207-3
2 IoT-Based Secure Smart Healthcare Solutions
C.M. Naga Sudha
Department of Computer Technology, Anna University–MIT Campus, Chennai, India
K. Gokulakrishnan
Department of Electronics and Communication Engineering, Anna University–Regional Campus,
Tirunelveli, India
J. Jesu Vedha Nayahi
Department of Computer Science and Engineering, Anna University–Regional Campus,
Tirunelveli, India
Contents
2.1 Introduction
2.2 IoT Healthcare Systems
2.2.1 IoT Healthcare Technologies
2.2.2 IoT Healthcare Policies
2.2.2.1 India
2.2.2.2 Australia
2.2.2.3 Japan
2.2.2.4 France
2.2.2.5 Sweden
2.2.2.6 Germany
2.2.2.7 Korea
2.2.2.8 China
2.2.2.9 The US
2.2.2.10 The EU
2.2.2.11 The World Health Organization
2.3 Heterogeneous IoT
2.3.1 Application Layer
2.3.2 Cloud Computing Layer
2.3.3 Networking Layer
2.3.4 Sensing Layer
2.4 IoHT Services and Applications
2.4.1 IoHT Services
2.4.1.1 Ambient assisted living
2.4.1.2 Adverse drug reaction (ADR)
2.4.1.3 Children health information (CHI)
2.4.2 IoHT Applications
2.4.2.1 Medication management
2.4.2.2 Wheelchair management
2.4.2.3 Body temperature monitoring
2.5 IoHT Security
2.5.1 Security Requirements
2.5.2 Security Challenges
2.6 Role of Blockchain in Healthcare
2.7 IoHT Industry Status
2.8 Open Issues on IoHT
2.8.1 Standardization
2.8.2 IoT Healthcare Platforms
2.8.3 Cost Analysis
2.8.4 Application Development
2.8.5 Technology Transition
2.8.6 The Low-Power Protocol
2.8.7 Network Type
2.8.8 Scalability
2.8.9 New Diseases and Disorders
2.8.10 The Business Model
2.8.11 The Quality of Service (QoS)
2.8.12 Data Protection
2.9 Conclusion
References
2 • IoT-Based Secure Smart Healthcare Solutions 27
2.1 INTRODUCTION
The Internet of Things (IoT) in the healthcare sector is mainly termed the Internet of
Medical Things (IoMT). It is considered an integration of medical devices and software
applications. Healthcare services that are possible in the medical field are known
from the symbolic representation of functionalities of the body, as shown in Figure 2.1.
Recently, IoMT and IoT have found an enormous set of applications, made possible by the
rise in mobile devices designed with near field communication (NFC) to interact with IT
systems. IoMT applications consist of numerous facilities such as medication tracking,
remote patient monitoring, and wearable devices that transmit health problems to the
respective health professionals. Health data is transmitted efficiently thanks to their
enhanced data collection and analysis ability. The healthcare sector has focused
increasingly on IoMT technologies, through which medical organizations, innovators, and
government bodies are working to reduce the load on healthcare entities.
The Internet of Health Things (IoHT) is developed with IoT-based solutions that form a
network architecture able to initiate the interaction between the patient and
healthcare facilities. Electrocardiography, electroencephalogram, heart rate, diabetes,
and other monitoring devices such as biomedical sensors are considered IoHT devices.
These biomedical sensors are applied for pulse detection, measuring the airflow during
breathing, the oxygen level in blood, the glucose level (glucometer), body temperature,
and electromyography (measuring the electrical activity of skeletal muscles).
Patient data is collected by sensors and processed through applications. These
applications run on user terminals such as smartphones, smartwatches, computers,
or even embedded devices. These terminals are connected to the gateways by short-range
communication protocols, namely, 6LoWPAN (IPv6 over Low Power Wireless
Personal Area Networks) or Bluetooth Low Energy (BLE) over IEEE 802.15.4 standards.
Gateways are connected to the cloud for the services connected with processing and
storage [1, 2]. Patient data can also be stored in electronic health records, which
will help doctors access the history of patient health details. These can assist all
sorts of people, namely pediatric patients, the elderly, and patients with chronic
diseases. The health sector has attained rapid development among the IoT-based systems.
FIGURE 2.1 IoMT.
The organization of the chapter is as follows: IoT Healthcare System and IoT
Healthcare Technologies are described in Sections 2.2 and 2.2.1. IoT healthcare policies
of some countries are explained in Section 2.2.2. Heterogeneous IoT is described along
with the architecture in Section 2.3. IoHT services and applications are outlined in
Section 2.4. IoHT Security is described in Section 2.5. Role of Blockchain in Healthcare
is explained in Section 2.6. IoHT Industry Status is described in Section 2.7. Finally, the
chapter ends with the open issues in IoHT, which are explained in Section 2.8.
2.2 IoT HEALTHCARE SYSTEMS
In the current healthcare systems, offering low-cost services efficiently is challenging.
The challenge is more pronounced as more aged citizens are affected by various diseases
and demand better healthcare recovery mechanisms. Due to the lack of resources in cities
and rural areas, it can be tough to provide suitable treatment. Hence, the healthcare
system needs to change and transform into a smart healthcare system. Wearable sensors
and devices are integrated with smart healthcare systems designed for smart emergency
systems and smart hospitals. Sensor nodes can be installed inside or adjacent to the
patient’s body. Activity recognition, anomaly detection, behavioral pattern discovery,
and decision support are some of the technologies to be integrated with the sensor
networks [3, 4].
Intel and Dell collaborated to launch a smart healthcare system in Saensuk city,
Thailand, in January 2016. These companies have begun providing health services to the
citizens. As an initial step, the project focuses on elderly people, who form most of
the city population. These patients are provided with Bluetooth-enabled devices that
collect and investigate data regarding their activities, such as sleeping movements and
walking. The collected data are sent to the central cloud system so that medical
practitioners can be contacted to take instant action based on conditions. Data
collection, through different tools and techniques, plays an important role in smart
city development. Various sensor devices are employed in sensor networks to help in data
collection. These sensors include smart emergency sensors, smart health systems, and
sensors for traffic management [5–7].
2.2.1 IoT Healthcare Technologies
IoT-based healthcare solutions are increasing day by day, and filtering the solutions
therefore becomes a tedious task. Core technologies that have the potential to drive the
evolution of IoT-based healthcare solutions are discussed in this section [8–13].
• Cloud Computing: Integrating cloud computing into IoT healthcare technologies
gives predominant access to shared resources. Services are offered on request over
the network, and operations are executed to meet the needs.
• Grid Computing: Introducing grid computing in the healthcare networks
helps to improve the computational capability of medical sensor nodes. Grid
computing, the backbone of cloud computing, is more accurate than cluster
computing.
• Edge Computing/Fog Computing: Edge computing helps analyze and
streamline the network traffic from the IoT devices. It also plays an important
role in implementing real-time local data analysis. Fog computing provides
the platform for the devices to operate during critical analysis, eliminating
cloud storage processes.
• Data Streams: Data streaming is defined as a process in which real-time data
are processed to extract useful information. It means that the continuous stream
of unstructured data is processed for analysis in memory before being stored on
disk.
• Big Data: An enormous amount of healthcare data is generated by various
medical sensors, which increases the efficiency and relevance of healthcare
diagnosis and monitoring methods.
• Networks: In the IoT-based healthcare network, short-range communications such as
WBAN, WLAN, WPANs, WSN, and 6LoWPAN and long-range communications are
included in the physical infrastructure. Ultra-wideband (UWB), BLE, NFC, and RFID
technologies are used for designing low-power medical sensor devices and
communication protocols.
• Ambient Intelligence: The application of ambient intelligence is crucial to
humans. In a healthcare network, humans are involved as end-users, clients
and customers, patients, or health-conscious individuals. Ambient intelligence
allows continuous learning of human behavior and the execution of any required
action triggered by a recognized event. The potential of IoT-aided healthcare
services can be enhanced by amalgamating autonomous control and human–computer
interaction (HCI) technologies into ambient intelligence.
• Augmented Reality: In healthcare engineering, augmented reality plays a
vital role in IoT. Augmented reality has its applications in the field of surgery
and remote monitoring.
• Wearables: By adopting wearable medical devices to identify landmarks,
patient engagement and population health improvements can be facilitated.
The three major interests are connected information, target-oriented healthcare
communities, and gamification.
2.2.2 IoT Healthcare Policies
Evidence-based policies and technologies play a vital role in all practical
implementations. Although IoT healthcare services are still to be addressed across the
world, eHealth policies are a key goal of many policy initiatives. If someone intends to
develop both IoT and healthcare policies, it means the policies will be based on
IoT-based healthcare services. This section discusses countries and organizations and
the direction they are taking in both IoT and eHealth policies and strategies.
2.2.2.1 India
To enhance the role of information and communication technology (ICT) in the health
sector, India introduced an eHealth policy between 2000 and 2002 to provide
comprehensive guidelines in the healthcare field. Recommendations were provided for the
country’s information technology (IT) infrastructure (2003) and also for the formation
of a telemedicine task force (2005). To transform India into a digitally empowered
society and a knowledge-based economy, various initiatives have been implemented
by the Indian government as part of the Digital India Program [14]. The Indian
government has allotted a budget of Rs. 70.6 billion to develop 100 smart cities.
India's ambitious plan was to raise the number of connected devices by over 2.7 billion
and to create a $15 billion IoT industry by 2020. All these efforts are expected to make
a great impact on India’s healthcare sector [15].
2.2.2.2 Australia
To guide national coordination and collaboration in eHealth, a framework was developed
by the Australian health minister in 2008. The strategic framework was developed based
on a series of national consultation initiatives including commonwealth, state and
territory governments, general practitioners, medical specialists, nursing and allied
health, pathology, radiology, pharmacy sectors, health information specialists, health
service managers, researchers, scholars, and consumers. In addition to this, the
Australian government developed a strategic plan for IoT [16].
2.2.2.3 Japan
To motivate the realization of network access ubiquity, the u-Japan Policy was devel-
oped by Japan’s Ministry of Internal Affairs and Communications (MIC) in 2004 [17].
For eHealth-friendly policies, some recommendations have been made by the Japanese
government, which focused on cost savings and improved clinical outcomes [18].
2.2.2.4 France
For the advancement of the IoT, the French government supported the creation of an
object-naming service (ONS) root server in 2008. Every product is uniquely identified
using global standards, since products are registered with GS1 France. Information on
these products is made available through domestic ONS nodes and portals. Because the
product data are accurate, authentic, and uniform, customers were convinced.
Telemedicine services are widespread at the regional level and stimulate eHealth policy
improvement in France. Legislation in 2004 introduced electronic health records [19].
The government has worked on the furtherance of the IT infrastructure of hospitals,
overseeing solutions for challenges in semantic interoperability and the use of eHealth.
In this regard, the “Hopitaux 2012” plan and the Law on Hospitals, Patients, Health
and Territory (HPST) are worth noting.
2.2.2.5 Sweden
By enhancing IoT, networking over the Internet was enabled for all physical objects.
For the headway of IoT, an Object Naming Service (ONS) root server is being jointly
developed by Global Standards 1 (GS1) Sweden and SE, as SE announced in July 2010.
The Swedish “National Strategy for eHealth” provided a detailed set of action areas
and statements [20].
2.2.2.6 Germany
The core eHealth activities of Germany were expressed in governing legislation in
2003. Germany aims to become a leader in the engineering and manufacturing sector,
including the IoT domain [21]. INDUSTRY 4.0 is the strategic initiative that helps
achieve this goal according to the HighTech Strategy 2020 action plan.
2.2.2.7 Korea
By 2020, the domestic market for IoT has reached KRW 30 trillion ($28.9 billion),
which was previously planned as 2.3 trillion in 2013. The government established an
open IoT ecosystem in May 2014 to develop IoT services and products. The service,
platform, network, device, and IT security sectors are parts of this open IoT ecosystem.
In 2008, Korea introduced policies to enhance eHealth’s inclusiveness and fair access.
Electronic medical records, ePrescription, and telemedicine were introduced in the
healthcare sector, which drives the use of ICT [22].
2.2.2.8 China
In July 2020, China’s Ministry of Industry and Information Technology (MIIT)
announced that a unified national strategic plan for the IoT would be promoted. The
Chinese government decided that MIIT would establish measures to introduce IoT,
facilitate R&D and commercialization, create foundational technologies, and establish
network connections and usage. These measures are expected to motivate the development
of IoT. China’s “eHealth Development Strategy 2003–2010” has attracted rising
investment interest [23].
2.2.2.9 The US
IoT’s policy and regulatory implications were discussed by the Federal Trade Commission
(FTC) in February 2014. The FTC focused on two major areas of IoT: the provision of
notice and choice for non-consumer-facing network devices, and how devices that are part
of the IoT can be ensured to have reasonable data security.
2.2.2.10 The EU
A European policy for the IoT was devised by Research and Development (RAND)
Europe at the European Commission’s request. A research team evaluated the policy
challenges to be addressed by policymakers from mid- and long-term perspectives. After
examining the policy options, some recommendations were made for stimulating the
development of IoT in Europe. To help the IoT, a resolution was proposed by the
European Parliament in June 2010. The EU parliament recommended that the impacts of this
technology on health, privacy, and data protection should be thoroughly assessed. As
part of this resolution, a consumer enjoys the right to opt for a product that is not
equipped or connected. In 2004, the eHealth Action Plan was endorsed by the European
Council, and all member states expressed a formal commitment to cooperate in the area of
eHealth. The European Commission launched a public consultation initiative in April 2014
for input from interested stakeholders on barriers and issues regarding mHealth in the
EU [24].
2.2.2.11 The World Health Organization
For a wide range of public health initiatives, mobile phones are used in both developed
and developing countries. In developing countries, an initiative was taken to encourage
Mobile Health (mHealth) for tobacco control (WHO, 2011). Text messages (SMS) were
mostly used in most eHealth projects in developing countries to increase awareness and
communication campaigns, and they focused mainly on HIV, malaria, and MCH. All
target countries have been advised to consolidate ICT in their national health informa-
tion systems and infrastructure by 2015.
2.3 HETEROGENEOUS IoT
Heterogeneous IoT is a predominant area among research fields, impacting every
individual’s lifestyle. It is implemented in various fields such as security systems,
smart cities, vehicular ad-hoc networks (VANET), smart homes, manufacturing, and
environmental monitoring. It can offer numerous reliable amenities to our lives
depending on the applications developed. Heterogeneous IoT is designed with the help of
mobile networks (3G, 4G, 5G), VANET, WiFi, and wireless sensor networks (WSN). These
combinations of architectures help make information available anytime and anywhere. The
overall setup is connected to the cloud servers via satellites or the Internet, which
plays a vital role in transmitting the information to the server for processing. Servers
can collect enormous amounts of information to control the smart entities. IoT is termed
a developing paradigm in which various heterogeneous systems are interconnected through
four layers, namely the application, cloud computing, networking, and sensing layers.
Entities are self-controlled and scalable. Due to the sensing devices and system
architectures, heterogeneous IoT is incorporated in almost every application aspect of
life. The heterogeneous IoT architecture comprising four layers is described in
Figure 2.2 [25].
2.3.1 Application Layer
Heterogeneous IoT can support numerous applications such as VANET, WiFi, and WSN.
Mobile users are free to communicate using various applications, namely WhatsApp,
Line, Yahoo Messenger, WeChat, and Facebook Messenger, which helps monitor emergency
traffic situations. Smart devices, cars, or humans connected to the applications
take decisions based on traffic information. WiFi can adapt to various protocols, and
so it is deployed in smart homes, smart healthcare, and smart city systems.
WSN helps observe environmental quantities such as humidity, temperature, light, and
smoke, to name a few. Smart appliances are used in everyday life, which requires simple
and easy interfaces for the applications to be used effectively [26].
2.3.2 Cloud Computing Layer
The cloud computing layer helps retrieve and execute the information gained from
underlying layers. Cloud computing can handle a large amount of information more
accurately. This is made possible by its storage capacity, and cloud servers are also
capable of making decisions based on the information gathered. Additionally,
heterogeneous IoT applications take actions based on emergency-aware mechanisms.
As data keeps growing, decision-making through cloud computing will take more time.
Cloud computing has enhanced its heterogeneity power compared to middleware because of
its prevailing systematic computing capabilities. Middleware can differentiate between
different operating systems and a variety of network protocols to provide high-quality
service for several kinds of applications. Interoperability is hard to obtain because of
the scheme used by most common middleware services. Because of the mismatched schemes
of the subsystems, the middleware services have shortcomings of memory overhead and
time delay constraints. In a specific style, the communication between the
heterogeneous networks through the cloud server acts as an abstract layer [27].
FIGURE 2.2 A heterogeneous IoT architecture.
2.3.3 Networking Layer
The networking layer helps in the movement of data between the sender and receiver.
Major topologies such as tree, star, scale-free, and hybrid are offered for higher data
transfer. Through supernodes, sink nodes, and other communication entities, the data is
transferred to the cloud server with the help of network structures and resourceful
network strategies. Different kinds of routing protocols have been designed for
heterogeneous IoT. Data throughput, energy consumption, and malicious attacks are
challenges faced by network topologies. In case of a node failure, some self-structured
protocols help to improve the strength of network topologies. A high data transfer
capacity is required to move a large amount of information to cloud servers in
heterogeneous IoT. The lifetime of a heterogeneous IoT network deployed in hazardous
locations is extended using energy-saving protocols [28].
2.3.4 Sensing Layer
For decision-making, the data from different nodes are collected and given to the cloud
servers with the help of various sensors in the sensing layer. A huge number of sensors
are located in a specific location to transmit data and thus the topology is formed. Sink,
sensor, and management nodes are parts of the conventional network. Retrieving the
data from sensor nodes and converting them to a multichip communication style will
be performed by the sink node. Management nodes were used to administer the sensor
network and observe activities initiated by them. The network structure will be changed
if some nodes die or disappear quickly due to energy exhaustion and environmental
effects. By choosing the power management and backbone node, unnecessary wireless
communication links were subtracted. This helps to ensure the network connectivity and
potential network model for data transfer. Several algorithms and mechanisms have been
proposed for strengthening the network. Several different sensors in a heterogeneous
IoT model exist to handle malicious nodes. Smart sensors are located to improve the
privacy of heterogeneous IoT devices, since it lacks privacy. Various fields like industry,
agriculture, smart homes, transportation, healthcare, and IoT have started penetrating
rapidly from 1999. The purchase of materials, stocks, and auctions uses heterogeneous
IoT applications and industrial productions use supply chain management [29, 30].
• IoT devices are used in agriculture to sense the greenhouse temperature, soil
conditions, humidity, and other environmental factors.
• IoT devices are used in smart homes to enhance home safety and provide a
pleasant living environment.
• To simplify data gathering, its execution, distribution, and travel exploration,
intelligent transportation will be useful in vehicular communication.
IoT devices also significantly impact healthcare, varying from primary patient
investigation to operation theatre (OT). To enhance wearable smart devices, heterogeneous IoT
has been stimulated and a new trend of mobile health has been revealed.
2.4 IoHT SERVICES AND APPLICATIONS
IoT-based healthcare services, including pediatric and older nursing, chronic disorders
surveillance, private health, and wellness management, are relevant to different sectors.
Applications shall also be split into two groups:
• Single condition
• Clustered condition
An application with a single diagnosis refers to a particular disorder or infirmity, and an
application with a clustering treatment encompasses a variety of illnesses or disorders
together in their entity.
2.4.1 IoHT Services
IoT has been designed to offer continuous facilities in which each provider delivers
a selection of healthcare strategies. No common definition of IoT facilities exists in the
field of healthcare. However, in some situations a service cannot be clearly separated from a
different method. General resources and protocols required for IoT structures
need small improvements to operate properly in medical
scenarios. These include notification services, resource-sharing services, Internet facilities,
heterogeneous computer cross-connection protocols, and large networking protocols.
Various forms of IoT healthcare services are discussed as follows [31–33].
2.4.1.1 Ambient assisted living
An IoT platform based on artificial intelligence (AI) techniques helps care for aged people
and differently abled people. This kind of integration of techniques is termed ambient
assisted living (AAL). The ultimate aim of AAL is to provide an independent life to
older adults in their comfortable zone of living. It gives a human-servant-like assisted
living which will make them feel happy and comfortable. AAL works over 6LoWPAN,
RFID, and near-field communication (NFC), which is used for passive communication. As
researchers are more eagerly involved in developing smart objects, Keep-in-Touch smart
objects have triggered them in multi-dimensions on deploying the application.
2.4.1.2 Adverse drug reaction (ADR)
An ADR is an injury caused by the medications provided. Nowadays, more people
suffer from the side effects of medications that physicians recommend. The ADR service helps
reduce adverse reactions to medicines with the help of barcode or NFC-enabled
devices. This pharmaceutical intelligent information system helps map medications to
the patient’s allergy profile and prescribes the respective medicines.
2.4.1.3 Children health information (CHI)
In the present pandemic situation, children’s health has to be taken care of in a crucial
manner. Therefore, IoT researchers are developing an interactive totem placed in
the pediatric ward to offer CHI services and provide guidance on emotional and mental
health problems. IoT-based health services are encouraged to acquire nutritional habits
for teachers and parents.
2.4.2 IoHT Applications
IoT software should be given more consideration in comparison to IoT facilities. Services
are used to create software while consumers and patients access apps directly. Thus,
utilities are developer-centered, whereas apps are user-centered. Present on the market
today are numerous gadgets, wearables, and other healthcare products in addition to
those uses covered in this segment. These products can be seen as IoT inventions that
can contribute to different applications in healthcare. Various IoT applications which are
developed to serve the medical fields are presented as follows [34–36].
2.4.2.1 Medication management
To solve the non-compliance problems in the medical field, IoT offers solutions such as
I2Pack and iMedBox, which can verify the system with the help of field trials. An IoT-based
medication management packaging method has been developed for delamination materials
and is controlled through wireless communications such as RFID tags.
2.4.2.2 Wheelchair management
Researchers initiated their focus on developing automated smart wheelchairs which help
disabled people. It is developed with wireless body area network (WBAN) technology
integrated with various sensors. Medical support system connects peer-to-peer network
and IoT in controlling chair vibration and helps detect the wheelchair status. It monitors
the individual sitting position in the chair and collects all the data from the surrounding
along with the location. It has eventually stated that the standard “things” evolved as
connected machines which drive the data.
2.4.2.3 Body temperature monitoring
Body temperature plays an essential role in healthcare services, such as homeostasis
(the ability to maintain a stable internal state despite changes in the world outside)
maintenance. IoMT verifies a body temperature sensor, which is integrated into a TelosB
mote. It helps measure the temperature variations, which shows the successful operation
of medical-related IoT systems. It includes an RFID module that controls temperature
recording and transmission of a module for monitoring body temperature.
2.5 IoHT SECURITY
IoT is growing rapidly in the medical field, which is expected to be a mainstream area of
IoT adoption in the next few years and to prosper with the latest eHealth IoT products
and applications. Medical equipment and software can deal with sensitive private data,
such as confidential medical records. Moreover, such intelligent systems can be connected
to global communication networks at any time and from anywhere. Consequently, an intruder
might threaten the IoT healthcare domain. It is important to define and evaluate various
features of IoT security and privacy, including security requirements, vulnerabilities, threat
models, and countermeasures from a healthcare perspective to promote the complete
deployment of IoT within the healthcare sector [37–40].
2.5.1 Security Requirements
The security requirements of IoT-based healthcare strategies are close to those of typical
communications situations. Confidentiality means that unauthorized people are unable to
obtain patient records. Furthermore, confidential communications must not expose their
content to eavesdroppers. Integrity means that the patient records received are not
changed by an adversary during transit. Moreover, the integrity of stored data and
material should not be impaired. Authentication allows an IoT health device to verify
the identity of the peer it communicates with. Availability ensures that IoT healthcare
systems, either local or global/cloud, remain available to approved parties even under
denial-of-service attacks.
Data freshness covers the freshness of data and critical freshness of data. Because
metrics in an IoT health network differ over time, each newly created message must be
fresh. The freshness of data essentially means that each data set is new and that no
adversary replays old messages. Non-repudiation indicates that a node cannot deny a
message sent earlier. Authorization means that only registered nodes can reach network
facilities or infrastructure. Even when interconnected health systems are hacked, the
network/device/information should be secured from attacks by a protection scheme. In the
case of a failure, a network scheme should always have respective security services. An
IoT healthcare network medical system may malfunction or lack resources, while other
operating devices can allow a minimum degree of protection [41].
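The integrity, authentication, and data freshness requirements described above can be met together on a constrained sensor with a keyed MAC and a message counter. The following is an added example, not code from the book; the frame layout, key, device IDs, and the `seal` and `Gateway` names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption for this example, not a standard):
#   device id (uint16) | message counter (uint64) | temperature in 0.01 degC (int16)
# followed by an HMAC-SHA256 tag computed over those 12 bytes.
BODY = struct.Struct(">HQh")
TAG_LEN = hashlib.sha256().digest_size


def seal(key: bytes, device_id: int, counter: int, centi_celsius: int) -> bytes:
    """Sensor side: pack one reading and append a tag over the whole body.

    The device must keep its counter in non-volatile storage so that it
    never reuses a value after a reboot.
    """
    body = BODY.pack(device_id, counter, centi_celsius)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Gateway:
    """Receiver side: checks authenticity and integrity first, then freshness."""

    def __init__(self, device_keys):
        self.device_keys = dict(device_keys)  # device id -> pre-shared key
        self.highest_seen = {}                # device id -> last accepted counter

    def accept(self, frame: bytes):
        """Return (accepted, reason, centi_celsius or None)."""
        if len(frame) != BODY.size + TAG_LEN:
            return (False, "malformed", None)
        body, tag = frame[:BODY.size], frame[BODY.size:]
        device_id, counter, centi_celsius = BODY.unpack(body)

        # Authorization: only registered devices have a key.
        key = self.device_keys.get(device_id)
        if key is None:
            return (False, "unknown device", None)

        # Authentication and integrity: constant-time tag comparison.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag", None)

        # Freshness: the counter must be strictly greater than the last one
        # accepted. It is only trusted after the tag check, so a forged frame
        # cannot advance the stored counter.
        if counter <= self.highest_seen.get(device_id, -1):
            return (False, "stale counter", None)

        self.highest_seen[device_id] = counter
        return (True, "ok", centi_celsius)


def demo():
    """Run constructed frames through one gateway, in order."""
    key = b"constructed-demo-key-0123456789ab"  # constructed sample key
    gateway = Gateway({7: key})

    fresh = seal(key, 7, 1, 3690)               # 36.90 degC, counter 1
    tampered = bytearray(seal(key, 7, 2, 3690))
    tampered[BODY.size - 1] ^= 0x01             # flip one bit of the reading

    return {
        "fresh": gateway.accept(fresh),
        "replayed": gateway.accept(fresh),      # same bytes sent again
        "tampered": gateway.accept(bytes(tampered)),
        "wrong_key": gateway.accept(seal(b"other key", 7, 3, 3690)),
        "unknown_device": gateway.accept(seal(key, 9, 1, 3690)),
        "next": gateway.accept(seal(key, 7, 2, 3710)),
        "truncated": gateway.accept(fresh[:-1]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} {result}")
```

The frame is authenticated but not encrypted, so the confidentiality requirement still needs a cipher or an authenticated-encryption mode on top of this check.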
2.5.2 Security Challenges
As standard protection strategies do not assure IoT security standards, there is a need
for innovative countermeasures to comply with current IoT problems. Furthermore, such
machines are not designed to carry out costly computing operations. In other words,
they are either sensors or actuators. It is thus a difficult challenge to find a protection
solution that minimizes the use of energy and thus maximizes safety efficiency. Most
IoT medical devices have no memory on the device. They are enabled by an integrated
International Standard Organization (ISO), a device program and an application binary
which are enabled.
Consequently, the memory is not sufficient to run complex security protocols. A
conventional IoT healthcare network includes portable medical instruments with minimal
battery power, such as body temperature sensors and BP sensors; these
instruments save energy by switching to power-saving mode when no sensor readings
need to be registered. Moreover, if nothing is relevant, they run at a low CPU speed.
The energy restrictions of IoT health devices also make it difficult to find an
energy-conscious protection approach.
Medical instruments are usually not static but mobile, connected to the Internet through
IoT service providers. For example, wearables such as a wearable body temperature sensor
or a heart monitor can be linked to the Internet so that the user can note their
condition. Such consumer wearables are linked to the home network at home, whereas
they are linked to the office network at the office. Various networks have different
configurations and settings for security. Developing a protective algorithm that
accommodates this versatility therefore poses a significant challenge. The number of IoT
devices has steadily risen, which means that more devices are connected to the global
communication network. Therefore, it is a difficult challenge to build a highly flexible
defense framework without violating security requirements.
Healthcare devices are typically connected through various wireless networks,
including Zigbee, Z-Wave, Bluetooth, Bluetooth Low Energy, WiFi, GSM, WiMax, and
3G/4G. The characteristics of these networks make conventional wired security
schemes less suitable. Therefore, it is difficult to find a robust security protocol that
can accommodate wired and wireless features equally. Connecting numerous health devices
within an IoT health network, from full-fledged PCs to low-end RFID tags, is likewise complex.
Such instruments differ in computing, control, memory, and embedded software depending
on their capabilities. Therefore, the task is to build a protection framework that can
suit even the simplest devices. A health device can join the IoT health network
anywhere and at any time. It can leave a network either gracefully (with proper
notification of the exit) or disgracefully (abruptly). The temporal and spatial entry
characteristics of medical equipment make the network topology complex. For this reason, it is
a challenging task to develop a security model for such a complex network topology [42].
A health system can communicate in a proprietary network protocol with other
devices in the local network. IoT systems can also connect via the IP network with IoT
service providers. Therefore, security experts can’t establish a sound security strategy
for multi-protocol communications. Protection protocols must be kept up to date to minimize
possible vulnerabilities. Security updates for IoT health devices are also needed.
But it is a daunting challenge to develop a system for the complex implementation of
security patches. The physical security of IoT health equipment is an important aspect. An
attacker can access devices, extract encryption secrets, change code, or substitute
malicious nodes. Tamper-resistant packaging protects against such threats, but in reality
it is impossible to enforce. When an attack originates from a healthcare system in the
proximal network, the attack is more serious. The expanded attack surface makes IoT health
sensors and networks vulnerable to security attacks.
Furthermore, the malicious or compromised node inside the proximal network is
difficult to ascertain.
The IoT model continues to evolve, with many other IoT healthcare devices and
facilities planned. Meanwhile, an attacker can aggressively and deliberately target
a health system and network, and can use related IoT devices or powerful devices such as
tablets and laptops to enter the network. An intruder can then devise multiple security
threats against present and potential IoT medical systems and networks. Some risks are
tangible, others can be forecasted, and others are impossible to foresee. Different
categories of attacks are discussed as follows [43]:
1. Attacks Based on Information Disruptions: An attacker can manipulate or
analyze in-transit and stored health data to provide incorrect information and
destroy the integrity of information. The adversary conducts denial-of-service
(DoS) attacks that result in the failure or unavailability of communication
connections. This method of intrusion jeopardizes the availability of network
hardware. An adversary intercepts patient information found in communications,
which violates confidentiality and data protection. An adversary gains unauthorized
access to patient records to generate chaos and confuse innocent organizations
through the IoT health network. An adversary forges messages by injecting
bogus material to undermine the credibility of messages and deceive innocent
citizens. An adversary replays existing messages to jeopardize freshness.
This further raises misunderstandings and misleads innocent people.
2. Attacks Based on Host Properties: Three types of attacks are initiated
based on host properties.
• Compromise: The adversary compromises the customer’s fitness
equipment and networks by cheating or stealing. Critical material, including
passwords, encryption keys, and user data, is exposed in this attack.
• Hardware compromise: An adversary tampers with the system and can steal
firmware, keys, and data from the device. An attacker can
reprogram compromised devices with malicious code.
• Software compromise: An intruder exploits program bugs and weaknesses
and causes IoT health systems to malfunction or dysfunction (e.g.
buffer overflow and depletion of resources).
3. Attacks Based on Network Properties: This method of attack takes two
forms: a particular agreement between protocols and layers and a compromise
in standard protocol where an attacker deviates from the standard protocols
(application and networking protocols) to compromise compatibility, anonymity,
honesty, and authenticity. The various types of vulnerabilities that an
CHAPTER I
INTRODUCTORY
The law of copyright in the United States, especially in relation to
literary work, is daily becoming of more interest to the owners of
copyright in this country. Since the Act of Congress, 1891, commonly
known as the Chace Act, those who are neither citizens of nor
resident in the United States can acquire a copyright therein if copies
of their books are printed from type set up in the United States and
if their books are duly recorded there before publication either within
or outside the United States. There is thus created for English
authors a property which may be of considerable value if before
publishing here they incur the trouble and expense of printing and
recording their books in America.
Apart from this commercial interest which English authors and
publishers have in a knowledge of American copyright law, there is
the further interest to English lawyers in the large body of analogous
case law to which the American statutes have given rise. These
statutes were originally founded on our own statute of Anne, and,
although the difference between the Acts now in force in the two
countries is very wide in many respects, a great deal remains the
same in substance, and the decisions of the American Courts afford
us valuable precedents. These cases, however, must not be cited in
our Courts at random, as has too frequently been done. In citing
from the American reports, it is essential to compare the statutory
provisions in America with the statutory provisions in this country,
and ascertain whether the decisions are really applicable or not. It is
for this reason that I have thought it expedient to keep the American
law and the English law entirely separate. The practice of citing
American cases promiscuously throughout a treatise on English
Copyright Law I have found to be confusing and misleading.
CHAPTER II
WHAT WORKS ARE ENTITLED TO COPYRIGHT
In order to acquire copyright in the United States the work must
fulfil the following conditions:
1. It must be an original literary or artistic work.
2. The (owner/author) must be a citizen of the United States
(or resident therein), or of a foreign country
proclaimed to that intent by the President.[1253]
3. It must have complied with the formalities prescribed by
the statutes of the United States.[1254]
4. It must be innocent.[1255]
Section I.—An Original Literary or Artistic Work.
In the United States literary and artistic works are treated similarly
under the same series of statutes. The works protected are
enumerated in section 4952 of the Revised Statutes as amended by
the Act of March 3, 1891 (The Chace Act). The protection extends to
any book, map, chart, dramatic or musical composition, engraving,
cut, print, or photograph or negative thereof, and to any painting,
drawing, chromo, statue, statuary, and to models or designs
intended to be perfected as works of the fine arts.
The scope of the Constitution.
In considering whether a work is within the
protection of the Copyright Acts, not only must the
enacting words of the statutes be considered, but
also, and perhaps principally, the scope of the
provision in the Constitution, which grants power to Congress to
secure the protection of authors and artists.[1256] The language of
the Act must be read in connection with the Constitutional provision
and be so construed as to promote the object and conform to the
purpose expressed therein. The power given to Congress by the
Constitution is a power to promote the progress of science and
useful arts by securing for limited times to authors and inventors the
exclusive right to their respective writings and discoveries. In
consideration of this restricted power the earlier decisions[1257]
construed the Acts of Congress as including only those works which
showed a certain degree of intellectual labour in the arts or sciences.
In Clayton v. Stone[1258] protection was refused to a daily price
current or review of the markets issued in a newspaper. Thompson,
J., in giving judgment, said:
The Act was passed in execution of the power given by
Congress, and the object therefore was the promotion of
science; and it would certainly be a pretty extraordinary view of
the sciences to consider a daily or weekly publication of the
state of the market as falling within any class of them. They are
of a more fixed, permanent, and durable character. The term
science cannot with any propriety be applied to a work of so
fluctuating and fugitive a form as that of a newspaper or price
current, the subject-matter of which is daily changing, and is of
mere temporary use.... The title of the Act of Congress is for the
encouragement of learning, and was not intended for the
encouragement of mere industry unconnected with learning and
the sciences.
Illustrated Catalogues.
This high standard of intellectual requirement was
not, however, strictly maintained. In Brightley v.
Littleton[1259] a blank form of application for a
licence to sell liquor at retail, drawn in pursuance of the statutes in
that behalf, was protected, and it was said that, although the matter
claiming copyright must be original and possess some possible
utility, the originality may be of the lowest order and the utility
barely perceptible. In Ladd v. Oxnard[1260] the English cases of
Lamb v. Evans[1261] and Leslie v. Young[1262] were cited with
approval, and the Court agreed that the quality and grade of
original work required by the Courts under the Copyright Statutes
are very moderate. Until the case of Mott v. Clow,[1263] the
tendency seems to have been to follow the English judges to their
extreme view, as expressed by Lord Halsbury in Walter v. Lane,[1264]
i. e. that the copyright law requires neither literary merit nor
intellectual labour nor originality either in thought or in language.
The Court, however, in Mott v. Clow[1265] refused to follow the
English decisions. After reviewing the American, and particularly the
earlier American decisions, they say:
The result of these decisions would seem to place this
construction upon the Constitutional provisions under
consideration that only such writings and discoveries are
included which are the result of intellectual labour; that the
term writings may be liberally construed to include designs for
engravings and prints that are original and are founded in the
creative powers of the mind, the fruits of intellectual labour;
that prints upon a single sheet might be considered a book if it
otherwise met the spirit of the constitutional provision; and that
to be entitled to a copyright, the article must have, by and of
itself, some value as a composition, at least to the extent of
serving some purpose other than a mere advertisement or
designation of the subject to which it is attached.
The book before the Court was a catalogue in the form of a bound
volume, containing illustrations of household wares offered for sale,
and giving the dimensions and price of each. The Court referred to
Maple v. Junior Army and Navy Stores[1266] where a similar
catalogue in England was protected.
It is to be observed in this case that it was ruled largely upon
the language of the Act of Parliament (5 &amp; 6 Vict. c. 45).... It is
to be here remarked that the Parliament of Great Britain, unlike
the Congress of the United States, is unlimited in power, and
with the construction and effect placed upon the preamble of
the Act by the Court, there would seem to be little escape from
the conclusion at which the Court arrived. In this country under
the Constitution the power lodged with the Congress is not
unlimited, but is restricted to the promotion of the progress of
science and useful arts. The ruling of the English Court is
therefore not pertinent except as it illustrates the subject.
The Court cited with approval Baker v. Selden,[1267] which had
expressly approved Cobbett v. Woodward,[1268] an English case
overruled in Maple v. Junior Army and Navy Stores;[1269] they
further cited and approved the judgment of Thompson, J., in Clayton
v. Stone,[1270] quoted above. The judgment concludes with the
following paragraph:
It is possibly not beyond comprehension that pictures of slop-
sinks, wash-bowls, and bath-tubs, with or without letterpress
statement of dimensions and prices, though intended mainly for
advertisement, may in localities where such conveniences are
not in common use, be the means of instruction and of
advancement in knowledge of the arts, and, when they are the
products of original intellectual thought, may possibly come
within the scope of the Constitutional provision. It is enough for
the present purpose to say that, in our judgment, the Congress
has not seen fit to enact a law which can reasonably be given
so broad a construction.
Directories. Dictionaries. Mercantile Statistics. Forms of Application.
In considering the authority of some of the cases
cited below, the judgment in Mott v. Clow[1271]
must not be lost sight of. It is probable that some of
these cases are not in accordance with it, or with
the older cases, such as Clayton v. Stone[1272] and
Baker v. Selden[1273] therein expressly approved.
Subject to this note of warning, the following may
be taken as examples of what have and what have
not been accepted as works of art or literature
within the scope of the Constitution and the Acts of Congress.
Directories[1274] and dictionaries[1275] have both been protected. In
the case of the latter, there is copyright in the definitions of the
words, however short. A list of the credit ratings of marble, granite,
and stone dealers of the United States and Canada was protected in
Ladd v. Oxnard.[1276] In Clayton v. Stone,[1277] which has been
approved as sound law,[1278] a daily state of the market was refused
protection. A racing guide containing a list of race-horses and
statistics as to their age and performances was protected in one
case,[1279] and in the other case a list of trotting horses and their
paces.[1280] In Brightley v. Littleton[1281] a blank form of application
for liquor licence was held to be copyright. In Carlisle v. Colusa
County[1282] copyright was denied to a blank form of property
statement for assessment purposes.
This latter decision appears, however, to have been partly on the
ground that as the assessors were obliged to issue a form, it would
embarrass their duties if forms drawn up by private persons were
entitled to copyright.
A circular in pamphlet form used as an advertisement, and
explaining a certain method of distribution of coupons to cash
purchasers from certain merchants named in the pamphlet, has
been held to be the subject of copyright.[1283] The circuit judge,
however, in his judgment, says: It requires some stretch of
imagination to say that this pamphlet comes within the purpose of
Congress, the encouragement of learning, and the increase of useful
knowledge, but the official charged with the duty has granted a
copyright to this pamphlet, and his decision is accepted.[1284]
Dramatic Works. Law Reports. Statutes.
Dramatic works[1285] have been protected, although
not of a very high literary standard. In Henderson v.
Tompkins[1286] protection was given to a topical
song which was designed merely to amuse. It was sufficient if it
accomplished that purpose.
Law Reports are protected so far as they consist of
original intellectual matter;[1287] the protection may
thus extend to the title-page, table of cases, the
head notes, the statements of facts, the argument
of counsel, the index, the order and arrangement of
cases, the numbering and pagination of the volumes, the table of
cases cited in the opinions, the subdivision of the index into
condensed titles, and the cross references.[1288] The original work of
the reporter is alone protected.[1289] In the opinion of the Court
there is no copyright;[1290] these constitute part of the law of the
land open to all to make use of as they please, and neither the
state, the judge, nor the reporter can acquire or confer any
conclusive privilege of copying them. The same rule applies to the
head notes in those states where they are prepared by the judge.
[1291] On the same grounds of public policy no one can have
copyright in the statutes;[1292] the legislature of the state cannot
confer it on any one.[1293] There may be copyright in the head notes
and arrangement of a digest of the statutes.[1294]
Notes and Additions. New Arithmetic. Adaptations. Musical Arrangement. New Editions. Form of Publication.
The contents of a book do not require to be entirely
new; if partially old there will be copyright quoad
the new material or new arrangement.[1295] Thus
there is copyright in notes and additions to an old
work,[1296] in a new arithmetic combining old
material in new form,[1297] in translations,[1298] in the adaptation of
an old drama introducing a new title, new dialogue, minor
characters, scenery, and dramatic situations with the orchestration
and orchestra part songs and music,[1299] and in the dramatization
of a novel.[1300]
In one case it was held that the adaptation of a
musical piece from the notation suitable to one
instrument to that suitable to another was not a
sufficiently intellectual process to entitle the adapter
to copyright in his adaptations.[1301] It was said that a mere
mechanic could make the adaptation and accompaniment. Since
then, however, it has been held that a musical arrangement is the
subject of copyright. In Thomas v. Lennox[1302] an orchestral
accompaniment for a non-copyright oratorio by Gounod was held to
be the subject of copyright. In Carte v. Evans[1303] an arrangement
for the pianoforte of the orchestral score of an opera was held to be
copyright.
Copyright in new editions runs quoad the new
material from the date of the new edition.[1304] The
additions or corrections must be of substantial
value. A work which is publici juris cannot be reclaimed by
colourable and immaterial alterations or additions.[1305]
A book need not be a book in the ordinary sense of
the word; the word in the Act is not to be construed
by reference to lexicographers: the literary
property to be protected by the Act is not to be
determined by the size, form, or shape in which it
makes its appearance, but by the subject-matter.[1306]
A single sheet containing literary matter will
be protected as a book.[1307] No doubt, however,
the subject to be protected must be ejusdem
generis as a book or leaflet. The subject-matter
must convey, and the form must be suitably
adapted for conveying, information to the reader.
Mechanical Devices. Letter File. Account Book. Originality.
The copyright law embraces those things that are printed and
published for information and not for use in themselves. Thus what
is really a mechanical instrument, and if original entitled to
protection under the patent law, will not be protected by the
copyright law. In Amberg File v. Shea[1308] protection was claimed in
a letter file. It was said that the spaces between the index letters
were adjusted to the average requirements of the correspondent.
These average requirements were ascertained by exhaustive
research in different directories. Copyright was refused. In Baker v.
Selden[1309] blank account books of an original type or pattern were
refused protection. The judge in that case drew the distinction
between what was a proper subject of the patent laws and what was
a proper subject of copyright law—The object of the one is
explanation, the object of the other is use.[1310] In Drury v.
Ewing[1311] a ladies' chart for cutting dresses and basques for
ladies, and coats, jackets, &amp;c., for boys was protected. It is almost
certain, however, that this decision would not now be accepted as
sound. Mere labels will not be protected as copyright works.[1312]
They may be protected by registration in the Patent Office.[1313]
Copyright may be obtained for works of the
imagination, or for a mere collection and
arrangement of material open to all mankind.[1314]
What is meant by originality as a requisite of copyright is that what
is claimed as the subject of copyright, whether it be the composition
or arrangement of matter, must not have been taken from some
literary or artistic work already in existence. It need not be the first
of its kind; the same thing may have been done before so as to
produce identically the same result.[1315] If the second author, artist,
or composer goes about his work independently, searching out his
material from the original sources, he is equally entitled to copyright
with the first. Herein copyright law differs from the law of patents; in
the former there may be two concurrent copyrights in what is
identically the same creation, in the latter there can only be one
patent, the first inventor being entitled.
Letters.
Letters may be the subject of copyright, whether of
a business or private nature, and although never
intended by the writer to be published as literary
productions. In Folsom v. Marsh[1316] the letters of George
Washington were the subject of controversy. Story, J., in giving
judgment, laid down the law as to the property in letters at some
length:
There is no small confusion in the books with reference to the
question of copyright in letters. Some of the dicta seem to
suppose that no copyright can exist except in letters which are
professedly literary, while others again recognise a much more
enlarged and liberal doctrine upon the whole subject. In the first
place I hold that the author of any letter or letters (and his
representatives), whether they are literary compositions or
familiar letters or letters of business, possess the sole and
exclusive copyright therein; and that no persons, neither those
to whom they are addressed nor other persons, have any right
or authority to publish the same upon their own account or for
their own benefit. But consistently with this right the persons to
whom they are addressed may have, nay, must by implication
possess the right to publish any letter or letters addressed to
them upon such occasions as require or justify the publication
or public use of them, but this right is strictly limited to such
occasions. Thus a person may justifiably use and publish in a
suit at law or in equity such letter or letters as are necessary
and proper to establish his right to maintain the suit or defend
the same. So if he be aspersed or misrepresented by the writer
or accused of improper conduct in a public manner, he may
publish such parts of such letter or letters, but no more, as may
be necessary to vindicate his character and his reputation, or
free him from unjust obloquy and reproach. If he attempt to
publish such letter or letters on other occasions not justifiable, a
Court of Equity will prevent the publication by an injunction as a
breach of private confidence or contract or of the rights of the
author, and a fortiori if he attempt to publish them for profit, for
then it is not a mere breach of confidence or contract, but it is a
violation of the exclusive copyright of the writer. In short, the
person to whom letters are addressed has but a limited right or
special property (if I may so call it) in such letters as a trustee,
or bailee for particular purposes, either of information or of
protection or of support of his own rights and character. The
general property and the general rights incident to property
belong to the writer, whether the letters are literary
compositions or familiar letters or details of facts or letters of
business. The general property in the manuscript remains in the
writer and his representatives as well as the general copyright.
A fortiori third persons standing in no privity with either party
are not entitled to publish them to subserve their own private
purposes of interest or curiosity or passion.
It is not quite accurate to say that the receiver of a letter is merely a
trustee or bailee for particular purposes. Clearly the receiver of a
letter is entitled to destroy it unless there is any express or implied
stipulation to the contrary, and probably he can prevent the sender
from publishing it by refusing to produce it if it is in his possession.
No Copyright in Titles.
As a rule there can be no copyright in a title.[1317]
The deposit of the title-page with the Librarian of
Congress does not give the author any exclusive
right to the use of that title.[1318] A title can only be protected as a
trade mark in connection with a particular literary or artistic
production which has become known to the public. The public must
be shown to be deceived or to be in danger of being deceived.[1319]
A title may be protected by registration as a trade mark.[1320]
Photographs.
Photographs were first protected by the Statute of
March 3, 1865; before then protection was refused
to them under the head of prints, cuts, or
engravings.[1321] It seems to have been doubted at one time
whether the protection of photographs was not ultra vires of the
powers conferred by the Constitution. There is certainly an apparent
difficulty in bringing a photograph within the expression writings
used in the Constitution; but this word has received an extremely
wide and liberal construction, and has been held to be capable of
including any literary or artistic production of the intellect.
Photographs have been now frequently protected, but it is not every
photograph that will be protected, there must be some evidence that
the photographer has exercised an intellectual choice of subject-
matter, expression, arrangement, light, or other circumstances or
conditions which go to the production of an artistic photograph.
[1322] It will be a question of fact for the Court or jury whether the
photograph is a mere manual reproduction of subject-matter or an
original work of art.[1323] In a portrait there may be copyright in so
far as the photographer has relied on his own judgment for the
choice of light, background, pose, or attitude.[1324] In one case the
photograph of a yacht under sail was protected. It required the
photographer to select and utilise the best effects of light, cloud,
water, and general surroundings, and combine them under
favourable conditions for depicting vividly and accurately the view of
a yacht under sail.[1325]
A slight colourable alteration in a non-copyright photograph will not
entitle it to copyright.[1326]
Engravings.
Engravings, cuts, and prints will be protected,[1327]
but there must be at least some merit in them as
artistic or instructive productions. Thus the prints of
common articles of household use in a tradesmen's catalogue,[1328]
drawings of billiard tables in a similar catalogue,[1329] a card of
specimen colours and tints of zinc paints,[1330] and a poster with
coloured drawings of a circus performance[1331] have all been
refused protection. If there is real artistic merit in a drawing it will
not be disentitled to protection merely on the ground that it has
been used as an advertisement.[1332]
It has been held that playing cards printed in colours are entitled to
protection as prints.[1333]
Pictures.
The Act of June 18, 1874, enacts that the protection
of the Copyright Acts conferred on engravings,
cuts, and prints shall not extend to prints or
labels designed to be used for any articles of manufacture. This Act
cannot be evaded by attempting to copyright the picture or drawing
from which the label is designed. In Schumacher v. Wogram[1334]
the Court refused protection under the Copyright Acts to a picture
representing a young woman holding a bouquet of flowers intended
to be reproduced on labels for cigar boxes. The reason for refusing
protection of the copyright law to such productions is that their only
real value is as a trade mark connected with a particular article of
manufacture.[1335] They are not designed in themselves to instruct
or amuse. As trade marks they will be protected if registered in the
Patent Office. The fact that a picture could be readily lithographed
and used as a label does not deprive it of copyright;[1336] it must in
order to lose its copyright have been made with the intention of
being used as a label. If the painting itself were to be considered a
label because copies might be so used, no masterpiece would be
entitled to copyright. A painting, engraving, or print in order to be
protected must be a pictorial representation of something and not
merely a design.[1337]
Section II.—Nationality of the Author.
Unfortunately the Acts of Congress are not clear as to how far the
works of foreign authors, or the works of non-residents in the United
States are protected.
Until 1891 the works of foreign authors not resident in the United
States were denied protection. Sec. 4971 of the Revised Statutes ran
as follows:
Sec. 4971. Nothing in this chapter shall be construed to
prohibit the printing, publishing, importation, or sale of any
book, map, chart, dramatic or musical composition, print, cut,
engraving, or photograph, written, composed, or made by any
person not a citizen of the United States nor resident therein.
[1338]
By the Act of 1891, the benefits of copyright are extended to the
citizens of foreign countries which are proclaimed by the President
as conferring reciprocal rights on American citizens. Sec. 4971 of the
Revised Statutes is repealed. The Act of March 3, 1891, section 13,
enacts—
That this Act shall only apply to a citizen or subject of a foreign
state or nation when such foreign state or nation permits to
citizens of the United States of America the benefit of copyright
on substantially the same basis as its own citizens, or when
such foreign state or nation is a party to an international
agreement which provides for reciprocity in the granting of
copyright by the terms of which agreement the United States of
America may at its pleasure become a party to such agreement.
The existence of either of the conditions aforesaid shall be
determined by the President of the United States by
proclamation made from time to time as the purposes of this
Act may require.
The Act of March 3, 1891, section 5, amending the Revised Statutes,
sec. 4959, enacts that—
... the alterations, revisions, and additions made to books by
foreign authors heretofore published, of which new editions
shall appear subsequently to the taking effect of this Act, shall
be held and deemed capable of being copyrighted as above
provided for in this Act, unless they form a part of the series in
course of publication at the time this Act shall take effect. (July
1, 1891.)
On these sections two questions seem to be left open:
(1) Is the test to be applied the nationality of (a) the author,
or of (b) the proprietor of the manuscript, or other
unpublished work, at the time of publication; or will it
satisfy the Act if (c) either of these persons complies
with the requisite conditions of nationality?
(2) Will residence in the United States or in one of the
proclaimed countries confer the privileges on one who
is not a citizen or subject of any of them?
1. It may be that it would be a sufficient compliance with the
requirements of the Act if either the author or his assignee before
publication were a citizen of the United States, or a subject or citizen
of a proclaimed country. Section 1 amending the Revised Statutes,
sec. 4952, gives the sole liberty to the author, inventor, designer, or
proprietor, and to the executors, administrators, or assigns of any
such person. Section 13 applies the Act to citizens or subjects of
certain foreign states or nations. Under the Revised Statutes, section
4971, before 1891 it was the nationality of the author alone that was
considered, and it would have been no answer to have said that the
assignee before publication was an American citizen or resident in
the United States. Perhaps in 1891 the benefit was designedly
extended to assignees before publication, who complied with the
conditions and who had taken assignments from foreign authors
who did not. On the whole, however, I am inclined to the opinion
that it will not do merely to allege that the assignee of the
uncopyrighted and unpublished work is a citizen of the United States
or a subject or citizen of one of the proclaimed countries. It must, I
think, be alleged that the author, inventor, designer, or proprietor ab
initio has complied with the conditions as to nationality. By proprietor
ab initio (and probably this is the true meaning of proprietor in
section 1 of the Act of March 3, 1891[1339]), I mean one who
compiles a work by his servants or agents, for instance, a body
corporate, which cannot be said to be an author, inventor, or
designer, and yet is entitled to the whole property in the work of its
servants as it grows up from day to day. I have not considered the
assignee after publication. I think it must be abundantly clear that
his nationality cannot be taken as the test, since if he took his
assignment from a foreign author who did not comply with the
conditions of nationality when the work was published, the work at
the time of assignment would have become publici juris. If he took
his assignment from one who complied with the conditions of
nationality and copyrighted the work, the fact of his being an alien
would not prevent him acquiring the copyright already secured.
2. Before 1891 residence in the United States, which was interpreted
to mean permanent residence and not merely for the purposes of
publication,[1340] was sufficient to entitle an author to the privileges
of the Copyright Acts. The provision now, under the Act of March 3,
1891, is that the Act shall only apply to a citizen of a foreign country
which has been proclaimed. Reading the Act strictly a foreign
resident in the United States but not a citizen thereof is excluded
from protection which he formerly had, unless he is a citizen or
subject of a proclaimed country. No doubt this was not intended to
be the result of the Act of 1891, but the words are plain and
unambiguous, and there seems no reason why they should not have
effect according to their plain meaning. A fortiori a foreigner resident
in, but not a subject of, one of the proclaimed countries would not
be entitled to copyright.
The following States have been proclaimed as fulfilling one or other
of the required conditions, and their citizens are therefore entitled to
acquire copyright in the United States in the same way as an
American citizen:
Belgium          July 1, 1891.
France           July 1, 1891.
Great Britain    July 1, 1891.
Switzerland      July 1, 1891.
Germany          April 15, 1892.
Italy            October 31, 1892.
Denmark          May 8, 1893.
Portugal         July 20, 1893.
Spain            July 10, 1895.
Mexico           Feb. 27, 1896.
Chili            May 25, 1896.
Section III.—Necessary Formalities.
No person is entitled to copyright unless he—[1341]
I. In the case of a book, map, chart, dramatic or musical
composition, engraving, cut, print, photograph, or chromo—
(i.) Delivers (or mails within the United States) to the Librarian
of Congress, on or before the day of publication, in the
United States or elsewhere a printed copy of the title
of the work.
(ii.) Delivers (or mails within the United States) to the Librarian
of Congress, not later than the day of publication in
the United States or elsewhere two copies of the work.
II. In the case of a painting, drawing, statue, statuary, or a model or
design for a work of the fine arts—[1342]
(i.) Delivers (or mails within the United States) to the Librarian
of Congress, on or before the day of publication, in the
United States or elsewhere a description of the work.
(ii.) Delivers (or mails within the United States) to the Librarian
of Congress, not later than the day of publication, in
the United States or elsewhere a photograph of the
work.
The proprietor of every copyright book or other article must deliver
(or mail within the United States) to the Librarian of Congress a copy
of every subsequent edition wherein any substantial changes shall
be made.[1343] Each volume of a book in two or more volumes,
when such volumes are published separately, and the first one has
not been issued before July 1, 1891, and each number of a
periodical is to be considered an independent publication.[1344] The
requirements of the statute as to delivery of title and copies, and
printing of notice must therefore be complied with in the case of
each volume of a book or number of a periodical.
Conditions Precedent.—The deposit of title and delivery of copies
as prescribed by the statutes are conditions precedent to copyright
and not merely declaratory.[1345] There is no common law right after
publication, and therefore if a work is published without the proper
formalities having been observed it becomes publici juris, and any
one may make what use of it he pleases.[1346] Ignorance of the law
is no excuse even although a new Act has just been passed altering
the time within which copies must be delivered.[1347] In an action
for infringement the declaration must set out in detail a compliance
with the law as to formalities,[1348] and the burden of proof thereof
is on the complainant.[1349] He must prove the deposit of title,
delivery of copies, notice of copyright, and the date of publication.
The latter is essential, as on it depends the validity of the entry.
[1350]
Delivery of the Title.—The copy of the title to be delivered must
be printed, i. e. the characters used must be those ordinarily used
in printing, but they may be made by hand with a pen.[1351] The
work must be published within a reasonable time after the deposit of
the title-page, otherwise the formalities will not have been complied
with.[1352] Two months' delay in mailing to the Librarian of Congress
copies of a photograph after the filing of its title is not unreasonable.
[1353]
It will not do to publish a book under a substantially different title
from that deposited. Immaterial variations in the title, or sub-title, or
complete alteration of a description on the title-page will not make
the deposit void. In Donnelley v. Ivers[1354] the title deposited was
Over One Thousand Recipes. The Lake Side Cook Book: A Complete
Manual of Practical, Economical, Palatable, and Healthful Cookery.
Chicago: Donnelley, Lloyd & Company, 1878. The title on the book
as published was The Lake Side Cook Book, No. 1. A Complete
Manual of Practical, Economical, Palatable, and Healthful Cookery. By
N. A. D. It was held that the requirement as to the deposit of title
having been substantially, in good faith complied with, the
objection was not tenable. What is required is, that the deposited
title be sufficient to identify the book with substantial certainty. In
Carte v. Evans,[1355] the title filed was Pianoforte Arrangement of
the Comic Opera, The Mikado, or the Town of Titipu, by W. S. Gilbert
and Sir Arthur Sullivan. By George L. Tracey. The book as published
bore the title Vocal Score of the Mikado, or The Town of Titipu.
Arrangement for Pianoforte by George Lowell Tracey (of Boston, U.
S. A.) of the above-named opera by W. S. Gilbert and Arthur
Sullivan. This was held a sufficient deposit to protect the pianoforte
accompaniment. In Black v. Allen[1356] the title deposited was An
Outline of the Political and Economic History of the United States,
with Maps and Charts: I. History and Constitution by Alexander
Johnson, M. A.; II. Population and Industry by Francis A. Walker, LL.
D. The title of the book as deposited was United States: Part III.
Political Geography and Statistics, copyright, 1888, by Francis A.
Walker. In the absence of evidence that the defendant was
deceived or misled by the change of the title the Court held that it
was valid. In Daly v. Brady[1357] the title of a drama deposited was
Under the Gaslight: A Drama of Life and Love in these Times. The
actual title as published was Under the Gaslight: A Romantic
Panorama of the Streets and Homes of New York. The Court held
that the change of title might deceive the public, and therefore the
deposit of title was bad; but this decision was reversed in Daly v.
Webster;[1358] the variance was in the description. The title
required may include a sub-title, but it does not include a description
of the book upon the title-page.
An author may wish to change his title entirely after he has
deposited the title-page. He may do this before the deposit of copies
by depositing a fresh title-page; but it is questionable whether the
duration of his copyright will run from the first deposit of title or
from the deposit of the altered title.[1359]
Delivery of Description.—Probably a short description is all that is
required. If the title is in itself descriptive, probably that will be
sufficient. The photograph of a painting, or other work of art which
is required to be delivered, does not take the place of a description.
[1360]
Delivery of Copies.—Under the Revised Statutes before 1891 the
printed copies had to be delivered within ten days from the
publication thereof. This was sufficiently complied with by the
delivery of two copies on the day before publication.[1361] The Act of
1891 now requires that the two printed copies shall be delivered
not later than the day of publication.
The copies deposited with the Librarian of Congress do not require
to bear the statutory notice as to copyright.[1362]
The memorandum given by the librarian is sufficient primâ facie
evidence of the fact and date of deposit.[1363] The librarian's date
stamp on the book is not conclusive, and may be rebutted by other
evidence of the actual date of deposit.[1364] If the copyright matter
is ordinarily bound up with other matter, the Librarian of Congress
cannot insist on the delivery of the bound volume complete. It is a
sufficient delivery to take the volume to pieces and deliver the loose
sheets on which the copyright matter is printed.[1365] Before 1891
the two copies deposited had to be of the best edition, but this
appears to be no longer necessary.
Printing in the United States.—In the case of
i. books,
ii. chromos,
iii. lithographs,
iv. photographs,
the two copies required to be delivered must be printed from type
set within the limits of the United States or from plates made
therefrom, or from negatives or drawings on stone made within the
limits of the United States, or from transfers made therefrom.[1366]
This requirement was introduced in 1891, when the privileges of
copyright were extended to subjects and citizens of foreign
countries. Formerly there was no obligation to print within the
United States.
It has been held that a volume of music is not a book within the
meaning of the provision in the statute enacting that the two copies
delivered shall be printed in the United States.[1367] It would seem
to follow that the necessity of printing in the United States does not
extend either to maps or charts, or even to dramatic compositions in
book form. These are all dealt with specifically in the Act, and
therefore, on the authority of Littleton v. Oliver,[1368] do not come
within the generic term books.
Retrospective Provision.—By an Act of March 3, 1893, it is
enacted—
That any author, inventor, designer, or proprietor of any book
or other article entitled to copyright, who has heretofore failed
to deliver in the office of the Librarian of Congress two complete
copies of such book, or description or photograph of such article
within the time limited by title sixty, chapter three of the
Revised Statutes relating to copyrights and the Acts in
amendment thereof, and has complied with all other provisions
thereof, who has before the 1st day of March 1893 delivered at
the office of Librarian of Congress or deposited in the mail
addressed to the Librarian of Congress two complete printed
copies of such book, or description or photograph of such
article, shall be entitled to all the rights and privileges of such
title sixty, chapter three of the Revised Statutes and the Acts in
amendment thereof.
Notice of Copyright.—No person can maintain an action for
infringement of his copyright unless each published copy of his work
bears one or other of the following notices:[1369]
Entered according to Act of Congress in the year ——, by A. B.,
in the office of the Librarian of Congress at Washington.
Or:
Copyright, 18—, by A. B.
Books must bear the notice:
On the title-page or page immediately following.[1370]
Designs for moulded decorative articles, tiles, plaques, or articles of
pottery:
Upon the back or bottom of such articles or on such other
place upon them as it has heretofore been usual ... for the
placing of manufacturers, merchants, and trade marks thereon.
[1371]
Other works, including musical compositions, photographs, pictures,
engravings:
Upon some visible portion thereof, or of the substance upon
which the same shall be mounted.[1372]
The statutory requirements as to notice must be strictly complied
with, and a departure from the exact words of one or other of the
alternative forms may be fatal to the right of action. When the only
notice on a book was Entered according to Act of Congress, in the
year 1878, by H. A. Jackson, it was held an insufficient notice as
complying with neither of the two alternative forms.[1373]
Slight variation.
A very slight variance in the words or the orders of
the slight words, if the matter is substantially the
same, will not, however, make a bad notice. Thus
1889, Copyrighted by B. J. Falk, N. Y., has been held a good notice.
[1374] So also has Copyright entered according to Act of Congress,
1889, by T. C. Hefel, civil engineer. It was held to comply with the
short alternative notice, viz.: Copyright, 18—, by A. B., the
superfluous words being disregarded on the doctrine of utile per
inutile non vitiatur.[1375]
The name of the proprietor who takes out the copyright is an
essential part of the notice. In Osgood v. Aloe[1376] the following
notice was printed on the page following the title-page, Copyright,
1891; all rights reserved. This was held a bad notice, and the name
of the publishers, who were also the proprietors, printed on the title-
page was insufficient. There was nothing to show that they were
proprietors as well as publishers. Copyright may be taken out in the
name of a firm or a conventional trade name, and if that name is on
the notice it is sufficient.[1377] But it must be the full and proper
name under which the proprietors are trading. Thus when The
Illustrated American Publishing Company issued a paper entitled The
Illustrated American, the following was held an insufficient notice on
a crayon drawing published by the Company, viz.: Copyrighted
1891, by The Illustrated American.[1378] It seems, however, that it
is not necessary for an individual to give his full name if what is
given is sufficient for the purposes of identity. Thus the surname and
the first letter of the Christian name,[1379] and in one case the
surname alone have been held sufficient.[1380] The latter case was
that of a photographer in Brooklyn. It was shown that there was
only one photographer of that name in Brooklyn, and the notice ran
Copyright, '93, by Bolles, Brooklyn.[1381] If the full name is given
there is no necessity to give the address of the proprietor, even
although he be a foreigner resident abroad.[1382]
It will not do to put the name of an agent on the notice. In Mifflin v.
Dutton[1383] the authoress of The Minister's Wooing took out a
copyright in the whole book in her own name. Subsequently several
chapters of the story were published serially in the Atlantic Monthly.
The only notice of copyright in that magazine was in the name of the
publishers, Ticknor and Fields. It was held that these chapters had
not a sufficient notice. Great care must be taken in the case of serial
publications. If a story is published in a magazine each part must be
treated as a separate book, and must contain a notice of copyright
by the author if he is the owner. When the book is published as a
whole these notices must be repeated; it will not do merely to
copyright the whole book afresh and print a new notice.
Date of Entry.—The date required is the year only; neither the day
nor the month is necessary. The statement of a wrong year has been
held fatal to the notice. In Baker v. Taylor[1384] the true date of
taking out copyright was 1846. The notice stated 1847 as the year,
and this was held as bad notice, even although the error arose from
mistake. But in Callaghan v. Myers[1385] the notice put an earlier
instead of a later date than the actual date of deposit; the true date
being 1867, the notice declared copyright to have been entered in
1866. This was held an immaterial error, since it deceived no one,
and would only operate to shorten the claimant's copyright by one
year. In Schumacher v. Wogram[1386] Wallace, J., doubted whether
the declaration in the notice of a date earlier than the true date
would not make the notice void. It is immaterial that the date on the
notice is abbreviated if it is sufficiently clear what date is meant;
thus, Copyright, '94, by A. B., is a good notice.[1387]
It is extremely difficult to determine what date the law requires to be
placed upon the second or subsequent edition of a book wherein
substantial alterations or additions have been made. In the case of a
reprint, I think it is clear that the date of the first edition, and that
only, is the correct date; and even where alterations or additions
have been made I think that that date is necessary, and I doubt
whether it is necessary to add another notice giving the date of the
revised edition. It would seem that a subsequent edition does not
require to be entered in the same manner as the original edition;
the statute is complied with by the deposit of a copy of every
subsequent edition wherein any substantial changes shall be made.
If this is done copyright in the alterations seems to have been
procured. In Lawrence v. Dana[1388] Clifford, J., held that it was not
necessary in a subsequent edition to give the date of the entry of
the first edition[1389]; but I doubt if this is sound. On the whole, I
think the correct view is that the matter peculiar to the first edition,
whether it be printed in the first or any subsequent edition, must
bear a notice with the date when that matter was first entered, and
that the matter peculiar to any subsequent edition will be protected
until the expiry of the copyright in the first edition, if it bears a
notice with the date of the first edition only, and if a copy has been
sent to the Librarian of Congress. I further think that the matter
peculiar to subsequent editions may be protected for the full term of
twenty-eight or thirty-two years from the date of the first publication
of the edition in which it is first contained, if such edition is
separately entered, by two copies of the title-page and of the book
being deposited, and if it bears a notice with the date of such
separate entry. I think, therefore, in every new edition in which there
is a substantial alteration or addition there should as a matter of
practice be a separate entry of copyright and separate notices on the
title-page, one for each edition of the book.
[258]
Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.
More than just a book-buying platform, we strive to be a bridge
connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.
Join us on a journey of knowledge exploration, passion nurturing, and
personal growth every day!
ebookbell.com

Security Engineering For Embedded And Cyberphysical Systems Saad Motahhir

  • 6. Security Engineering for Embedded and Cyber-Physical Systems
Digital transformation, also known as Industry 4.0, Smart Industry, and Smart Manufacturing, is at the top of leaders’ agendas. Such a transformation stimulates innovation in new products and services, the digital transformation of processes, and the creation of new business models and ecosystems. In the world of manufacturing, Industry 4.0 is based on various technological advances, among which we can mainly cite CPS (cyber-physical systems), IoT (Internet of Things), and IoS (Internet of Services). While engaging, this fourth wave also brings significant challenges for manufacturers. Business operations and the supply chain are becoming more vulnerable to cyber threats.
Security Engineering for Embedded and Cyber-Physical Systems is an invaluable resource to discover cybersecurity and privacy techniques for embedded and cyber-physical systems. This book presents the latest studies and research results on all aspects of security engineering for embedded and cyber-physical systems. It also provides a premier interdisciplinary reference for researchers, practitioners, and educators to discover the most recent innovations, trends, concerns, and practical challenges encountered and solutions adopted in security engineering for embedded and cyber-physical systems.
The book offers comprehensive coverage of the essential topics, including the following:
• Embedded and cyber-physical systems threats and vulnerabilities
• Security engineering techniques for embedded and cyber-physical systems
• Security engineering for embedded and cyber-physical systems and potential future-use cases
• Artificial intelligence techniques for cybersecurity and privacy
• Security engineering for Internet of Things
• Blockchain for cybersecurity in embedded and cyber-physical systems
This book comprises a number of state-of-the-art contributions from both scientists and practitioners working in security engineering for embedded and cyber-physical systems. It aspires to provide a relevant reference for students, researchers, engineers, and professionals working in this area or those interested in grasping its diverse facets and exploring the latest advances and future trends related to security engineering for embedded and cyber-physical systems.
  • 8. Security Engineering for Embedded and Cyber-Physical Systems Edited by Saad Motahhir Yassine Maleh
  • 9. First edition published 2023 by CRC Press 6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742 and by CRC Press 4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN CRC Press is an imprint of Taylor & Francis Group, LLC © 2023 selection and editorial matter, Saad Motahhir and Yassine Maleh; individual chapters, the contributors Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. For works that are not available on CCC please contact mpkbookspermissions@tandf.co.uk Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe. ISBN: 978-1-032-23546-2 (hbk) ISBN: 978-1-032-23547-9 (pbk) ISBN: 978-1-003-27820-7 (ebk) DOI: 10.1201/9781003278207 Typeset in Times by KnowledgeWorks Global Ltd.
  • 10. Contents
Editors
Preface
Section ONE: Security Engineering for Embedded and Cyber-Physical Systems: Challenges and Applications
1 Algorithms and Security Concern in Blockchain Technology: A Brief Review (Rejwan Bin Sulaiman, Amer Kareem, and Muhammad Umer Farooq)
2 IoT-Based Secure Smart Healthcare Solutions (C.M. Naga Sudha, K. Gokulakrishnan, and J. Jesu Vedha Nayahi)
3 A Purposed Multilayered Framework for Security and Privacy in Big Data (Danish Bilal Ansari and Muhammad Abdul Khaliq)
Section TWO: Blockchain for Security Engineering in Embedded and Cyber-Physical Systems
4 Blockchain and Cyber-Physical System for Security Engineering in the Smart Industry (Javaid Ahmad Malik and Muhammad Saleem)
5 Applications of Blockchain Technology and Related Security Threats: A Comparative Study (Amer Kareem and Rejwan Bin Sulaiman)
6 Smart Applications of Big Data and Blockchain: Challenges and Solutions (Swathi Lakkineni and Lo’ai Tawalbeh)
  • 11. Contents (continued)
7 Cybersecurity-Based Blockchain for Cyber-Physical Systems (Yassine Maleh, Ahmed A. Abd El-Latif, and Saad Motahhir)
Section THREE: Artificial Intelligence for Security Engineering in Cyber-Physical Systems
8 The Future of Cybersecurity in the Hands of Artificial Intelligence (Lisa Devine and Kevin Curran)
9 Cybersecurity-Based Machine Learning for Cyber-Physical Systems (Mustapha Belaissaoui, Youssef Qasmaoui, Soufyane Mounir, and Yassine Maleh)
10 Mitigation of Malware Using Artificial Intelligence Techniques: A Literature Review (Farhat Lamia Barsha and Hossain Shahriar)
11 AI Techniques in Blockchain Technology for Fraud Detection and Prevention (Yogesh Kumar)
Index
  • 12. Editors
Saad Motahhir, PhD, IEEE Senior Member, has expertise as an embedded system engineer at Zodiac Aerospace Morocco (2014–2019) and a professor at the National School of Applied Sciences (ENSA), Sidi Mohamed Ben Abdellah (SMBA) University, Fez, Morocco since 2019. He earned an engineering degree in embedded system at ENSA Fez in 2014. He earned a PhD in electrical engineering from SMBA University in 2018. Dr. Motahhir has published a number of papers in journals and at conferences in recent years, most of which relate to photovoltaic (PV) solar energy and embedded systems. He published a number of patents in the Morocco patent office. He has edited one book and acted as guest editor of different special issues and topical collections. Dr. Motahhir is a reviewer and on the editorial boards of different journals. He has been associated with more than 30 international conferences as a program committee/advisory board/review board member.
Yassine Maleh is a cybersecurity professor and practitioner with industry and academic experience. He earned a PhD in computer sciences. Since 2019 he has been a professor of cybersecurity at Sultan Moulay Slimane University, Morocco. He worked for the National Port Agency (ANP) in Morocco as a Senior Security Analyst from 2012 to 2019. He is the founding chair of IEEE Consultant Network Morocco and founding president of the African Research Center of Information Technology and Cybersecurity. He is a senior member of IEEE and a member of the International Association of Engineers and the Machine Intelligence Research Labs. Dr. Maleh has made contributions in the fields of information security and privacy, Internet of Things security, and wireless and constrained networks security. His research interests include information security and privacy, Internet of Things, network security, information system, and IT governance.
He has published over 120 papers (book chapters, international journals, conferences/workshops), 20 edited books, and 3 authored books. He is the editor-in-chief of International Journal of Information Security and Privacy (IJISP) and the International Journal of Smart Security Technologies (IJSST). He serves as an associate editor for IEEE Access (2019 Impact Factor 4.098), International Journal of Digital Crime and Forensics, and International Journal of Information Security and Privacy. He was also a guest editor of a special issue, “Recent Advances on Cyber Security and Privacy for Cloud-of-Things,” of International Journal of Digital Crime and Forensics. He has served and continues to serve on executive and technical program committees and as a reviewer of numerous international conferences and journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensor Journal, ICT Express, and Springer Cluster Computing. He was the publicity chair of BCCA 2019 and the general chair of the MLBDACP 19 symposium and ICI2C’21 Conference.
  • 14. Preface
Industry 4.0 or IIoT (Industrial Internet of Things) is a discipline that combines industrial systems, the Internet of Things, the cloud, and data and analytics. In Factory 4.0, industrial production systems (IoT) are instrumented to feed data about their operation to the cloud through dedicated communication networks. The data in the cloud is analyzed and cross-referenced with other external data by intelligent systems to make production and supply chain optimization decisions. The decisions made are fed back to the industrial systems to drive the industrial processes automatically and remotely.
Most critical infrastructures such as the power grid, rail or air traffic control, industrial automation in manufacturing, water/wastewater infrastructure, banking system, etc., are cyber-physical systems (CPS). Due to the cyber-physical nature of most of these systems and the increasing use of networks and embedded computing, attack surfaces have increased. Given that the continued availability of their core functions is critical to people’s everyday and economic lives, there is widespread concern that they could be subject to intense cyber-attacks. A number of these cases have occurred over the past decade. It is therefore essential to defend these systems against cyber threats.
IIoT solutions and industrial systems (IoT) are poorly prepared to operate in a connected environment that is more exposed to cyberattacks. This makes them potential targets for hackers and cybercriminals looking for notoriety, industrial secrets, or financial gain through ransomware and/or data exfiltration. Poorly protected remote accesses implemented on supervision systems can constitute potential vulnerabilities and put at risk certain industrial applications for production control and monitoring.
With the introduction of IIoT, the boundary between enterprise information systems (IT) and industrial systems (IoT) is gradually disappearing and IoT systems no longer have the perimeter security (air gap) they originally enjoyed. Industrial automation systems (robots, numerically controlled machines, programmable logic controllers) are becoming much more interconnected, open and accessible from a company’s management computer network, or even the Internet. Cyber-attacks targeting management networks would, therefore, easily spread to IoT systems.
This book presents the state-of-the-art and practices addressing the following unique challenges in cybersecurity and privacy in embedded and CPS. This book is ideal for policymakers, industrial engineers, researchers, academics, and professionals seeking a thorough understanding of security engineering principles for embedded and cyber-physical systems. They will learn promising solutions to these research problems and identify unresolved and challenging issues for their research.
  • 16. SECTION ONE Security Engineering for Embedded and Cyber-Physical Systems Challenges and Applications
  • 18. 1 Algorithms and Security Concern in Blockchain Technology: A Brief Review
Rejwan Bin Sulaiman, Amer Kareem, and Muhammad Umer Farooq
School of Computer Science and Technology, University of Bedfordshire, Luton, UK
DOI: 10.1201/9781003278207-2
Contents
1.1 Introduction
1.2 Security Concern in Blockchain
1.3 Mining in Blockchain
1.4 Innovation of Bitcoin
1.5 Bitcoin
1.6 Background Technologies
1.7 Point-to-Point Network
1.8 Cryptography in Bitcoin
1.9 Challenges Associated with Bitcoins
1.9.1 Twice Spending on Coins
1.9.2 Access to the Network
1.9.3 Anonymous Users
1.9.4 Legal Issues in Bitcoin
1.9.5 Technical Issues in Bitcoin
  • 19. 1.10 The Consensus Algorithm in Blockchain
1.10.1 Proof of Work (PoW)
1.10.2 Delegated Proof of Stake (DPoS)
1.10.3 Practical Byzantine Fault Tolerance (PBFT)
1.10.4 Raft Consensus Algorithm
1.10.4.1 Technology behind blockchain
1.10.4.2 Aspects of blockchain technology
1.11 Exhumation of Blockchain Technology in the Concern of Information Security
1.11.1 Authentication of Identity
1.11.2 Protection of the Infrastructure
1.12 Data Security in Blockchain
1.13 Discussion
1.14 Algorithms
1.15 User Roles in Blockchain Project
1.16 Developer Concepts
1.17 Conclusion
Acknowledgment
References
1.1 INTRODUCTION
The basic concept of blockchain technology is a distributed database that records a number of transactions which are entirely open to the participants. The blockchain system verifies every transaction that is made, and once a transaction is done, it keeps track of it and the record cannot be destroyed. The blockchain gives verification to all the transactions and keeps a solid record that cannot be falsified. In simple words, it is much easier to steal something placed in a specific place than to steal the same thing placed in front of thousands of people [1].
The blockchain is made up of blocks, each of which contains a record of all the exchanges made between its users at a given time. These different blocks thus provide a history of all the transactions since its creation and allow everyone to check the accuracy of the data exchanged.
The blockchain is a distributed register: it is the users who own and update the information, without the need for a central authority. This decentralized nature allows it to be used in many different ways, beyond digital currencies such as Bitcoin, for which it was invented in 2008.
Bitcoin is one of the prominent examples, introducing the world to a multi-billion market in which all the transactions are anonymous. It doesn’t involve any centralized control. It is one of the famous cryptocurrencies that has attracted millions of people to participate, but, on the other hand, there are many controversies [2].
Let’s analyze the current situation of the digital economy. It will be clear that all vendors providing the services are based on trustworthy sources. In simple words, it will
  • 20. be clear that there is always a centralized medium for management that gives people the confidence to rely on these sources for their investment. For example, consider the banking system and any banking transaction we make: the bank, as a third-party agent, always plays a centralized role in confirming that the transaction is processed successfully. The weakness is that this third-party agent can itself be vulnerable to security threats, which creates a risk of the system being hacked. This is where blockchain technology becomes important. It is a unique way of securing a record of all the relevant transactions that can be verified easily, and this verification is done while respecting the privacy of the digital world and of all the participants involved. In other words, the distributed nature of blockchain technology and its anonymity are its unique features [1].
1.2 SECURITY CONCERN IN BLOCKCHAIN
Information security is closely tied to social life and runs through the whole system of national informatization. The construction of national informatization is the central point of information security. People have invested heavily in information security because of security concerns in their social and work lives.
Blockchain can also be a strategic tool for cyber security. Indeed, the current wave of cyberattacks is becoming increasingly sophisticated, fueled by both sophisticated mechanisms and a proliferation of devices that offer hackers numerous entry points. Although solutions are developing in line with the evolution of attacks, they could nevertheless reach their limits when faced with a certain type of malicious act.
In addition, it is bringing a revolutionary change in information security and technology. This technology can identify and certify, withstand distributed denial-of-service (DDoS) attacks, and assure data credibility and integrity, advancing information security technology. Blockchain technology is the foundation on which the Bitcoin data structure and the encrypted transmission of transaction information are built [3].
Blockchain technology uses a form of cryptography and provides an open, decentralized database of every transaction involving value, money, goods, property, work, or even notes. Cryptography ensures that no one can change the records. It was originally developed as the accounting method for Bitcoin and is used in many commercial applications today. The main purpose of the blockchain is to verify the transactions. It is straightforward to digitize code and insert any document into the blockchain [4].
The blockchain is made up of a vast network of nodes. The computers of the blockchain network run a client that handles the transactions, i.e., validating and relaying them. When you join the blockchain network, the node automatically gets a complete copy of the blockchain. Every node is regarded as an administrator of the blockchain, and every person can participate in this network and get the chance of winning Bitcoins. Each node in the network updates the record independently [5].
The blockchain is a type of database holding an encrypted ledger that the public can access; a block is the current part of the blockchain, which records the recent
  • 21. transactions. Once verified, it becomes a permanent part of the growing blockchain. The people who run the system use computers to hold bundles of records made by others, known as “blocks”, as a chronological chain. The “block” is the main and important part of the blockchain, verifying and recording recent transactions. After the completion of the block, it gets saved in the permanent database of the blockchain. Whenever a block gets completed, it overrides the previous one. In this way, numbers of blocks are connected in a blockchain. The blockchain carries a complete set of information about specific users’ addresses up to the last completed block [5, 6].
Every block contains some information of its own and some about the previous block:
• Data: The information present in the block depends on the type of blockchain.
• Hash: The block contains a hash, which you can compare to a fingerprint. The hash is very useful for detecting updates to the block [7]. It is always unique and it identifies the block. If you make changes inside the block, the hash will change.
• Hash of the previous block: This effectively links the blocks into a chain and secures the blockchain. If the hash of a previous block changes, it makes the following blocks invalid. The first block is known as the genesis block.
1.3 MINING IN BLOCKCHAIN
The blockchain is, in particular, the technological innovation behind Bitcoin mining. A completed transaction gets recorded into a block and then automatically into the blockchain, where it is first verified and then used by other Bitcoin users. On average, every 10 minutes, a new block is generated in the blockchain using the mining process. Bitcoin is just the beginning of the blockchain. In the future, blockchain will manage and verify online data.
A blockchain network lacks the centralized points that computer hackers can easily exploit. The Internet today has many security issues that are familiar to almost everyone in this world, as we all rely on a simple “username/password” to protect our identity [8]. For security reasons, blockchain uses encryption technology. You can store your data on blockchain without any fear. It can settle a stock transaction in a few seconds if it takes place on a blockchain-based system. It can never get manipulated or hacked because of the basic structure of blockchain. Once the information has been saved inside a blockchain, it is very difficult to update the information [7].
The most transformative application of blockchain is “Smart Contracts”. These automate payments and safe currency transfers as negotiated conditions are met. A company could signal via blockchain that a good has been received, automatically triggering the payment [8]. The implications of blockchain technology are fascinating. Many tech companies are adopting blockchain technology to disrupt a variety of industries. This technique would embed the Bitcoin mining chips into Internet of Things
  • 22. (IoT) devices and cell phones, according to research. Some established firms, such as Microsoft Corporation, are also interested in using this technology. Blockchain also offers a point-to-point (P2P) network, as everyone can join this network. When a user joins this network, she/he gets a full copy of the blockchain, which the node can use to verify that everything is in order. When someone creates a new block, that block is sent to everyone in the network, and each node verifies the block to ensure it has not been tampered with. Then, every node adds the block to its blockchain [9].
The uses of blockchain technology are endless. You only have to download this app on your computing device, then you can transact with it without paying a single transaction fee. Some expect that in less than 10 years, it will be used to collect taxes. It will make it easy for immigrants to send money back to countries where access to financial institutions is limited. It could also enable us to launch companies run entirely by algorithms, making the self-driving car safer. It can also track billions of devices on the IoT. These innovations will change our lives forever and it’s all just beginning [10]. The blockchain technique can add up to serious cost savings. The blockchain serves as a financial institution and each block in the blockchain is like an individual bank statement.
1.4 INNOVATION OF BITCOIN
Blockchain technology is the public ledger responsible for keeping all the records from the very first stage. It makes the transaction information available for record keeping and verification purposes. The backbone of the blockchain comprises a number of blocks linked to each other, and every new block is generated and added to the chain in sequence. For authentication purposes, Bitcoin uses special digital signatures, i.e., ECC [11].
For verification, there are certain vendors in the Bitcoin-linked network known as miners. These miners are based on specially programmed software that utilizes computer power to verify the transactions. It uses bandwidth and electric power, and this is where blockchain comes into action.
A block is generated repeatedly throughout the Bitcoin system with the help of a miner. This way, replicated copies of all the Bitcoin transactions of the last 10 minutes are generated across the network. So, in this way, the miner utilizes computer power to ensure an effective transaction between the two parties without any issue. This is how Bitcoin is different from the normal traditional banking system. The largest amount of Bitcoin that has ever existed is 21 million. Due to this, all the payments made are like taking the currency free of limitation. That is how a transmission control protocol based on the “communication” protocol is different from the blockchain protocol, which is based on the “value exchange”. So, the only way to add more Bitcoin to the network is to use the process of mining [12].
Nowadays, the world is moving toward using the new version of blockchain technology, indicating other ways of using this technology, which is not just limited to transferring money. There are a number of new protocols that have been introduced, i.e., Multichain or Ethereum, etc., that can be considered for using this technology in a better way. Most of them are normally based on the similar concept of distribution
system, i.e., ledger and some of the better features are added like smart-contract and many other applications. Work is continuously being done to increase the boundaries of this technology and many new techniques and applications are introduced [11, 12].

1.5 BITCOIN

According to the report, there are around 110 types of cryptocurrency. Still, Bitcoin constitutes about 77% of the cryptocurrency’s total market due to the highest number of available active users [12]. It is one of the famous forms of digital currency run over the entire network. It is a point-to-point system of payment that doesn’t involve any central medium. The major backbone of Bitcoin is blockchain technology, and this technology comprises all the available features for the Bitcoin currency. One Australian businessman named Satoshi proposed the foundation of Bitcoin back in 2008 [13]. Figure 1.1 shows the mining process in Bitcoin.

FIGURE 1.1 Bitcoin mining.

1.6 BACKGROUND TECHNOLOGIES

All the individuals who want to add the block must follow up with some work. So, for the proof of work (PoW), it requires a significant amount of computational power involved in giving the proof, like, in this way, all the participants in the network can
know that the work is done for generating more blocks in the chain. Therefore, this can prevent the bad users from manipulating the chain, thus ensuring the system’s integrity.

Hashcash is the function used to promise the verification of the system based on the PoW. It doesn’t involve any kind of central medium, rather it is distributed effectively. It uses the method of symmetric key cryptography, i.e., SHA-1 or SHA-256 [14].

The major function of the hash is that it takes data of arbitrary size as input and transforms it into a special string in a way that is not possible to reverse. In case of any changes in the data received, the hash value changes very randomly. Thus, no one can make the same hash value with different data blocks. So, every hash matches specific data, while in the case of Bitcoin, all the input data is larger than the SHA-256 hash value [14]. Therefore, Bitcoin doesn’t require any serial number as the specific hash value identifies each block. This strategy provides the identification and promises the integrity of the data. Adopting this kind of strategy allows us to verify the real owner of Bitcoin. It ensures the distributed database of a number of available transactions, which keeps users from wrong spending.

1.7 POINT-TO-POINT NETWORK

In the Bitcoin framework, there are “nodes” involved in the operation of the whole system. In the P2P network, all the involved parties hold similar opportunities to start the communication process. That is how all are involved in the processing of transactions, keeping the record updated in the system, and ensuring that all nodes in the network get the information effectively [15]. One special protocol used in the Bitcoin system is known as the Gossip protocol.
The major functionality of this protocol is that it informs each node about the data and, in return, receives data as well. By adopting this protocol strategy, data is disseminated throughout the entire network. Another major consideration about this protocol is that it follows a fault-tolerant mechanism, which means that in case of any node failure in the network, the availability of information via multiple places would not be affected. Other than that, it is worth considering this protocol because it is highly scalable. It can consider various nodes and adjust itself in the network irrespective of the changes while performing the configurations in the network [16].

1.8 CRYPTOGRAPHY IN BITCOIN

In the case of public-key cryptography, every coin is linked with the real owner’s public key, which means when the Bitcoin is sent to anyone, a message is created in terms of the transaction and as a result, the public key is attached to all the available Bitcoins and the private key verifies them. So, as a result, when it is publicly broadcasted, this
will cause other users to know that the owner of the Bitcoin is the same owner of the key. The owner’s signatures are solid evidence that the message produced is trustworthy. Everyone holds all the previous records of transactions, so this strategy makes it possible to identify the real owner of the coins at any time [17]. Figure 1.2 shows the cryptography in blockchain.

To ensure the integrity of the whole blockchain system, every block in the chain promises the integrity of the previous block. And this process continues till the first block. So, in this way, no one can overwrite any one of the available records. This process is expensive as it is quite hard to fulfill all the special requirements.

1.9 CHALLENGES ASSOCIATED WITH BITCOINS

The major drawback in Bitcoin is that it doesn’t involve any kind of central medium or authority for the transaction control. Instead, it is public, which brings up certain security concerns [18]. So, while considering this scenario, the following are some of the security aspects that should be considered.

1.9.1 Twice Spending on Coins

This term means that the user shouldn’t be able to use similar coins two times and shouldn’t be able to use the same coin for another user at once. Through the blockchain infrastructure, spending twice is prohibited; therefore, everyone over the Bitcoin network must agree to a given transaction before its confirmation. While adopting this strategy, it can be verified that the user has not already used the coin and that the user is the actual owner of the coin. This identification is possible because the blockchain system keeps the record of all the available history of transactions; therefore, the real ownership of the Bitcoin can be traced easily. So, it can be concluded that the double spending of the coin simultaneously is not practically possible.
If anyone manages to spend two blocks, just one of the transactions will work because of the nature of design of the algorithm [19, 20].

FIGURE 1.2 Cryptography in blockchain.
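The double-spend rule from Section 1.9.1, as an added example that is not code from the book: a ledger that tracks unspent outputs and accepts only the first transaction that consumes a given coin. The `Ledger` class, the party names and the amounts are constructed for illustration, and ownership is a plain name check here, where Bitcoin would verify a digital signature.

```python
import hashlib
from itertools import count

_mint_counter = count()  # makes every minted coin unique (constructed helper)


def tx_id(tx):
    """Deterministic transaction id: SHA-256 over the transaction's fields."""
    return hashlib.sha256(repr(sorted(tx.items())).encode()).hexdigest()[:16]


def pay(spender, inputs, outputs):
    """Build a transaction that consumes `inputs` and creates `outputs`."""
    return {"spender": spender, "inputs": tuple(inputs), "outputs": tuple(outputs)}


class Ledger:
    """Tracks unspent outputs; each output can be consumed exactly once."""

    def __init__(self):
        self.unspent = {}   # (tx_id, output_index) -> (owner, amount)
        self.history = []   # ids of accepted transactions, in order

    def _record(self, tx):
        tid = tx_id(tx)
        for ref in tx["inputs"]:
            del self.unspent[ref]          # a consumed coin leaves the set
        refs = []
        for i, out in enumerate(tx["outputs"]):
            self.unspent[(tid, i)] = out
            refs.append((tid, i))
        self.history.append(tid)
        return refs

    def mint(self, owner, amount):
        """Create a new coin (stands in for a mining reward)."""
        tx = {"spender": None, "inputs": (), "outputs": ((owner, amount),),
              "serial": next(_mint_counter)}
        return self._record(tx)[0]

    def check(self, tx):
        """Return None if the transaction is acceptable, else the reason."""
        if not tx["inputs"]:
            return "no inputs"
        if len(set(tx["inputs"])) != len(tx["inputs"]):
            return "same output referenced twice in one transaction"
        for ref in tx["inputs"]:
            if ref not in self.unspent:
                return "input already spent or unknown"
            if self.unspent[ref][0] != tx["spender"]:
                return "spender does not own input"
        funds = sum(self.unspent[ref][1] for ref in tx["inputs"])
        if any(amount <= 0 for _, amount in tx["outputs"]):
            return "non-positive output amount"
        if sum(amount for _, amount in tx["outputs"]) > funds:
            return "outputs exceed inputs"
        return None

    def submit(self, tx):
        """Apply the transaction if valid; return None or the rejection reason."""
        reason = self.check(tx)
        if reason is None:
            self._record(tx)
        return reason

    def balance(self, owner):
        return sum(a for o, a in self.unspent.values() if o == owner)


def demo():
    ledger = Ledger()
    coin = ledger.mint("alice", 10)
    first = ledger.submit(pay("alice", [coin], [("bob", 10)]))
    second = ledger.submit(pay("alice", [coin], [("carol", 10)]))  # same coin again
    return first, second, ledger.balance("bob"), ledger.balance("carol")


if __name__ == "__main__":
    print(demo())
```

Whichever of two conflicting transactions is recorded first wins; the other is rejected because the coin it references is no longer in the unspent set.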
1.9.2 Access to the Network

It is tough to consider the whole network while using computational power. Anyone who managed to get access to most of the network would be able to do anything he/she intended, which may fail the entire network. This can be avoided by adopting the PoW technique, assuring that none would alter Bitcoin as a whole network while considering the computational power. This process can be adopted if many people make a big pool but this has never happened yet. The algorithm used in the block hash is made so that each block contains the hash value of the previous block of the chain. The block configurations are shown in Figure 1.3.

In case someone wants to alter the data in a transaction, they have to redo the PoW for that specific block and for all the interconnected blocks that follow it, which takes computational power, and in the same way create the PoW for the newly generated blocks while these are being added to the ledger. The only case in which success is probable is when the overall control is more than 51% of the total value of computational power [21].

In usual circumstances, no one has the authority to access private key information. Still, with higher computational power, changing a transaction can become possible. Along with this, due to higher computational power, the creation of a large amount of cryptocurrency can also be possible by utilizing the process of mining.

FIGURE 1.3 Block configurations.
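The hash linking and PoW described in Sections 1.6 and 1.9.2, as an added example that is not code from the book: a verifier that walks a chain and reports the first block whose link or proof of work does not check out. The block layout, the 12-bit difficulty and the payload strings are constructed for illustration; Bitcoin's real header format and difficulty are different.

```python
import hashlib
import json

DIFFICULTY_BITS = 12          # constructed, tiny difficulty so the demo runs quickly
GENESIS_PREV = "0" * 64       # "previous hash" used by the first block


def block_hash(block):
    """SHA-256 over the header fields (index, previous hash, data, nonce)."""
    header = json.dumps(
        {k: block[k] for k in ("index", "prev_hash", "data", "nonce")},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(header).hexdigest()


def meets_target(digest_hex):
    """True when the top DIFFICULTY_BITS bits of the digest are zero."""
    return int(digest_hex, 16) >> (256 - DIFFICULTY_BITS) == 0


def mine(index, prev_hash, data):
    """Try nonces until the hash meets the target; return (block, attempts)."""
    block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": 0}
    while not meets_target(block_hash(block)):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block, block["nonce"] + 1


def build_chain(payloads):
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(payloads):
        block, _ = mine(i, prev, data)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if (block["index"] != i or block["prev_hash"] != prev
                or digest != block["hash"] or not meets_target(digest)):
            return i
        prev = block["hash"]
    return None


def remine_from(chain, start):
    """Redo the PoW for block `start` and every later block; return attempts."""
    attempts = 0
    prev = chain[start - 1]["hash"] if start else GENESIS_PREV
    for i in range(start, len(chain)):
        chain[i], tried = mine(i, prev, chain[i]["data"])
        attempts += tried
        prev = chain[i]["hash"]
    return attempts


def demo():
    # Constructed sample payloads standing in for recorded transactions.
    chain = build_chain(["alice->bob:5", "bob->carol:2",
                         "carol->dave:1", "dave->erin:1"])
    result = {"honest": first_invalid(chain)}
    chain[1]["data"] = "bob->carol:200"            # a recorded entry is altered
    result["after_edit"] = first_invalid(chain)
    chain[1], _ = mine(1, chain[0]["hash"], chain[1]["data"])  # PoW redone for that block only
    result["after_single_remine"] = first_invalid(chain)
    result["attempts_for_rest"] = remine_from(chain, 2)        # every later block as well
    result["after_full_remine"] = first_invalid(chain)
    return result


if __name__ == "__main__":
    print(demo())
```

Editing block 1 is caught at block 1; redoing only that block's PoW moves the failure to block 2, because block 2 still carries the old hash. The chain verifies again only after the work for every later block has been redone, which is the cost the section describes.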
1.9.3 Anonymous Users

One of the vital considerations in Bitcoin technology is that the anonymity of all the participants is promised. Although the functionality of Bitcoin is public, keeping the user identity confidential and private is necessary. Therefore, it becomes difficult, rather than impossible, for anyone to explore the relationship between a certain key and the person behind the key. This situation is achieved at a certain level by using the public key as the address.

1.9.4 Legal Issues in Bitcoin

The basic system of blockchain technology in Bitcoin is that there is no central system of management; therefore, the whole system will only stop working if the overall network is shut, which is practically not possible. Following are some of the legal considerations in the Bitcoin network:

• Practically, all the legal enforcement parties, including the government, failed to control the Bitcoin networking system. All the transactions and number of activities performed over the Bitcoin network cannot be traced under normal circumstances. This has promoted some illegal things over this network. This can be understood by considering the example of buying drugs, which is probably not possible via normal credit or debit cards, etc., but here cryptocurrency is the solution that can be used due to its feature of untraceability [22]. So, these kinds of issues made it impossible to use this platform under the legal boundary.
• There are certainly other legal concerns about the Bitcoin platform which are very confusing; for example, whether Bitcoin is treated as money or property, and whether the owner of the Bitcoins is liable to pay tax and, if “yes”, what are the possible ways this can be implemented, as there is no central controlling mechanism in Bitcoin [23].
• Another strange thing about Bitcoin is that its value or price changes frequently and in a wild way, and this trend is possible because of a limited number of participants and transactions, and also because of social media. No government of any country, nor a number of banks, would like to base their economy where there is no centrally controlled structure.

1.9.5 Technical Issues in Bitcoin

Apart from legal and security concerns in the Bitcoin technology, there are a number of technological issues in the Bitcoin network. Following are some of the issues based on Bitcoin technology:

• One of the significant challenges in the operation of a Bitcoin network is the power consumption used by the feature of PoW in Bitcoin which requires
a significant amount of computational power for transaction verification. Therefore, it isn’t worth wasting this much power on a small task.
• A total of 21 million coins is the total number of Bitcoins that can possibly be achieved and, according to forecasting, this will take place by 2140 [23]. Afterward, there won’t be any mining payment, and in this situation the fee charged during the transaction will be the sole reward for mining blocks by the miners. So, in this scenario, the Bitcoin system will be useless, when the transaction payment is the same as in other centralized systems.
• In terms of safety, Bitcoin’s overall network is quite safe and secure; however, if anyone or maybe some group gets control over the major computation power, this might cause the overall system to come down. However, this condition is quite impossible to achieve as mentioned before.
• Another major technical concern about the Bitcoin network is that if someone commits any mistake that might be unconscious, there is no way to get that fixed. In one way, this is an advantage, as this enhances the network’s security, as no one will be able to perform any alterations or changes. However, on the other hand, this can create a problem when something is done just by human error.
• Many concerns are causing privacy issues in the Bitcoin infrastructure, including removing sensitive personal data from the Bitcoin system. While considering the other blockchain technologies, there are a number of situations where it keeps the data of the users at a certain time. Still, when there are alterations in the circumstances, this personal data is not kept the same way as before.
This can be easily understood by considering the following example: the United States has recently published a law that states that the name of the company’s CEO and date of birth must not be published on the company’s website. However, other information like license holder, etc., can also be changed similarly. All this data is under the control of the government. However, blockchain technology gives the best chance to people to get together and make their data-sets throughout the end-to-end network without the involvement of any central medium [24].

1.10 THE CONSENSUS ALGORITHM IN BLOCKCHAIN

A consensus algorithm is a process in computer science used to achieve agreement among distributed processes or systems. There are various consensus algorithms, like Paxos (Google implemented a distributed lock service called Chubby based on Paxos), PoW, etc. Two of the general problems in blockchain technology that need to be solved are the double-spending problem and the Byzantine Generals’ Problem [25].

Double-spending is an error in a digital cash scheme in which the same digital token is spent twice or more. This is possible because a digital token consists of a digital
file that can be duplicated or falsified. The prevention of double-spending has taken two general forms: centralized and decentralized. The centralized form is usually implemented using an online central trusted third party to verify whether a token has been spent. This normally represents a single point of failure from both availability and trust points of view.

The second problem is the Byzantine Generals’ Problem. We all know that blockchain is a decentralized network. There is no central authority in a decentralized network, and one node does not trust any other nodes. The question is how all the nodes can agree on the correct state of shared data. This is known as the Byzantine Generals’ Problem. This problem is described as a group of generals of the Byzantine army camped with their troops surrounding an enemy city. The generals must agree upon a common battle plan and they can only communicate with each other using messengers. However, one or more of the generals may be traitors who will try to confuse the others. The problem is to find an algorithm that ensures the loyal generals will reach an agreement on the battle plan regardless of what the traitors do [25]. Table 1.1 shows a comparison of the five consensus algorithms.

The characteristics of the consensus algorithm include points discussed in the subsections below.

1.10.1 Proof of Work (PoW)

A PoW is a piece of data that is very difficult to produce and that satisfies basic requirements. Generating a PoW is a random process with a low probability of success, so that a lot of trial and error is required before a valid PoW is produced. This mechanism could reach a consensus between many nodes on a network and secure the Bitcoin blockchain. The PoW algorithm works with all nodes to solve a cryptography puzzle. This cryptography puzzle is worked on by all the miners and the first one to solve it gets the miner reward.
PoW gives more rewards to people with better equipment. The higher your hash rate is, the higher is your chance of creating the next block and getting the miner reward. To increase their chances further, the miners can come together and form a mining pool; they combine their hashing power and distribute the rewards evenly across everyone in the pool. One of the disadvantages of PoW is that it uses a large amount of electricity.

TABLE 1.1 Comparison of the five consensus algorithms

                           CONSENSUS ALGORITHMS
CHARACTERISTICS            POW     POS     DPOS    PBFT    RAFT
Byzantine fault tolerance  50%     50%     50%     33%     -
Crash fault tolerance      50%     50%     50%     33%     50%
Verification speed         100s    100s    100s    10s     10s
Throughput (TPS)           100     1000    1000    2000    10k
Scalability                Strong  Strong  Strong  Weak    Weak

With PoW, rich people are more likely to enjoy
the power of economics at scale [26]. Figure 1.4 shows the Practical Byzantine Fault Tolerance (PBFT) consensus mechanism.

The proof of stake method forces miners to have a stake in the Bitcoin network. Proof of stake does not have miners but instead validators. It does not allow people to mine new blocks but instead to mint or forge blocks. To become a validator, a node must deposit a certain amount of coins into the network as a stake. The size of the stake determines the chances for the validator to be chosen to forge the next block. The validator chosen to validate the next block will check whether the transactions in the block are correctly made and, if everything checks out, the node signs off the block and adds it to the blockchain. As a reward, the node receives the fees associated with the transactions related to this block. If a node stops being a validator, its stake as well as all the transaction fees it has received will be released after a certain period. Proof of stake is environmentally friendly compared to PoW because it does not utilize a large amount of electricity [26].

1.10.2 Delegated Proof of Stake (DPoS)

DPoS uses a reputation system and real-time voting to create a panel of limited trusted parties, which are called witnesses. Witnesses have the right to create blocks and add them to the blockchain. You can consider this a representative democracy in which citizens elect officials to represent them while making decisions. In the model, people’s vote strength depends on how many tokens they hold. This means the people with more tokens will influence the network more than people with very few tokens. The voting for the witnesses is a continuous process. Therefore, the witnesses must carry out their functions to a high standard or lose their position. DPoS is a decentralized consensus model with a high transaction rate and low energy use [26].
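The stake-weighted choice of the next validator described in the proof of stake paragraph above, as an added example that is not code from the book. The validator names, the deposits and the use of a shared seed (for instance the previous block's hash) are assumptions made for illustration; real proof of stake networks add their own rules on top of this.

```python
import hashlib


def select_validator(stakes, seed):
    """Pick one validator with probability proportional to its deposit.

    stakes: dict of validator name -> deposited coins (non-negative integers).
    seed:   bytes known to every node (assumed here: the previous block hash),
            so that all nodes compute the same winner independently.
    """
    eligible = {name: s for name, s in stakes.items() if s > 0}
    total = sum(eligible.values())
    if total == 0:
        raise ValueError("no validator has a deposit")
    # Map the seed to a point in [0, total); each validator owns a slice of
    # that range as wide as its stake.
    point = int.from_bytes(hashlib.sha256(seed).digest(), "big") % total
    running = 0
    for name in sorted(eligible):          # fixed order so every node agrees
        running += eligible[name]
        if point < running:
            return name


def selection_share(stakes, rounds):
    """Fraction of `rounds` blocks each validator would have been chosen for."""
    wins = dict.fromkeys(stakes, 0)
    for height in range(rounds):
        seed = b"constructed-block-" + str(height).encode()  # constructed seeds
        wins[select_validator(stakes, seed)] += 1
    return {name: wins[name] / rounds for name in stakes}


# Constructed deposits: val-d has withdrawn its stake and is never chosen.
STAKES = {"val-a": 600, "val-b": 300, "val-c": 100, "val-d": 0}

if __name__ == "__main__":
    for name, share in selection_share(STAKES, 20000).items():
        print(f"{name}: deposit {STAKES[name]:>4}  chosen {share:.1%} of rounds")
```

Over many rounds the share of blocks each validator forges tracks its share of the total deposit, and because the seed is common to all nodes no coordinator is needed to announce the winner.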
1.10.3 Practical Byzantine Fault Tolerance (PBFT)

FIGURE 1.4 Steps of PBFT.

PBFT was a breakthrough in distributed computing that came out in 1999. It is a replication algorithm that can tolerate Byzantine faults and achieve variable consensus in a distributed computing network. It is a multi-stage verification process where at the beginning,
the verification is done by a selected number of nodes. As it progresses through the verification process, it needs more and more confirmation. It is used in many distributed networks such as Ripple, Stellar, and Hyperledger.

1.10.4 Raft Consensus Algorithm

Raft is a consensus algorithm comparable to Paxos in fault tolerance and performance. The main function of Raft is that all nodes in a group agree on the same transitions. In Raft, one member of the group is selected to act as the leader. The leader’s job is to accept the requests made by the clients and then manage the replication of the log to the other servers. The data flows in one direction, from the leader to the servers [26]. Figure 1.5 shows the RAFT consensus algorithm.

1.10.4.1 Technology behind blockchain

This is a basic issue that Leslie Lamport has developed to have a proper communication system between peers [27]. The technology originated from a mathematical problem known as Byzantine failures. The point of the Byzantine question is to formulate consistency of messages via the channel of information. Hence, the anticipation is that the channel is always reliable to communicate. Blockchain technology is also known as distributed ledger technology and it is the underlying technology that confirms the operation of Bitcoin. In the Bitcoin Forum, an essay written by Satoshi Nakamoto has been published in which the name “Bitcoin” first appeared, “Bitcoin: A Peer-to-Peer Electronic Cash System” [28].

Blockchain technology is an amalgamation of numerous technologies. The technologies are integrated into a database to maintain a reliable and unique database. This is a database technology that is distributed through the Internet. Storage is being done in a centralized data center. In blockchain technology, any person in this system can work in the data center.
This technology can integrate, be continuous, and consistent through password verification of asymmetric mechanisms.

FIGURE 1.5 RAFT consensus algorithm.
1.10.4.2 Aspects of blockchain technology

Blockchain technology is one of the evolutionary technologies on the Internet. The core of blockchain consists of a block-based data structure, a decentralized open-source architecture, and an asymmetric cryptographic mechanism [29].

The blockchain is a distributed database technology that is entirely different from the traditional structure of the database. This technology is equipped with the innovative block as an important data component. Information is kept in the data record, and the file that keeps and stores the data is known as a block. Nakamoto created a genesis block where every single block is responsible for recording the value in the case of the creation. The structure of the block keeps a header of the block and that block creates a link with the previous block. The genesis block, as well as the block structure, are given in Figure 1.6.

That is why the block’s structure consists of two distinctive characteristics. At first, the data information inside the block is an exchange of the activity recorded. In contrast, the creation of the previous block takes place to create the whole block to ensure the integrity of the database blockchain. Next, in the case of creating and linking to the ending point of the blockchain, the block data is ready to have assurance and the consistency of that blockchain database.

The block acts like a node based upon the value exchange agreement to create a blockchain. Before generating the latest block from the prior block, the index must be known. That is why each block needs to be linked with the prior block. Hence, it can be said that the index of the prior block creates the head of the following block and the data information creates the data block and here, the timestamp has to be fixed to the end [29].
FIGURE 1.6 Genesis block and block structure.

“The magic of blockchain data structure: a block (complete history) + chain (full authentication) = a timestamp, which is the maximum innovation of the blockchain technology” [30].

A blockchain database can store complete data information starting from the genesis block up to the last block in the structure. Every piece of data, as well as every message, can be traced and validated.

Blockchain technology differs from many technologies in that it does not record and store data in a centralized data center, but instead in different nodes that are bound to work together. To begin with, blockchain technology is constructed with different sets of protocol mechanisms. Different nodes are used to do different tasks. One is used for maintaining the data information for its node, whereas the other is responsible for verifying other nodes. The block data information depends on how almost all the nodes in that network can correctly consider information. Later, the comparison of the result and the authenticity is considered. In this technology, all data are regularly and spontaneously updated. In
addition, they are also stored in different nodes of the network that participate while the recording is going on. Though some of the nodes might be tampered with or damaged, it would not impact the recording of the database. The network system stands purely upon the principle of volunteering. It also tries to establish a spread-out network system. Here, all persons can have accessibility to each other. By doing so, the total networking system will be decentralized as well. Data information is validated as well as disseminated throughout the distribution network. In the case of blockchain technology, different types of transactions need to be distributed in the distribution structure. For the P2P protocol, the messages are delivered to different nodes from a single node in the whole network. This is a fully decentralized architecture that is updated in real time in a single network node to ensure the security of the blockchain database [31].

The accounting distribution, storage, and dissemination of the blockchain mean that an organization can’t have absolute control over it. The procedures regarding the storage of the data, transmission of the information, and the verification of the transaction are kept decentralized.

Blockchain technology can validate the ownership of information purely based on algorithms of asymmetric encryption. Two distinct keys are required to encrypt and decrypt: a public key and a private key. The public key is used to have the blockchain encrypted and remains open to anyone in the entire network. Anyone can use the public key to encrypt data. On the contrary, the private key can only be owned by the information owner. Once information has been encrypted, the private key can decrypt it, which ensures the security and privacy of the data.
Some common encryption algorithms are RSA, ElGamal, D-H, ECC, and many more. In the case of a blockchain technology transaction, the public key is responsible for encrypting the transaction. In contrast, the private key is responsible for decrypting it to utilize the value of the original data it has [32].

In a decentralized environment, all blockchain agreements are required to stay ahead of where the script is being taken as a programmable smart contract. This technology utilizes a script and in return, it ensures flexibility, practicability, and adaptability. The scripts are files that can be executable in some formats. A script can also provide a list of different instructions for holding value on each exchange job.

1.11 EXHUMATION OF BLOCKCHAIN TECHNOLOGY IN THE CONCERN OF INFORMATION SECURITY

1.11.1 Authentication of Identity

The authentication process is a system that examines the identity of the users. It gives a mechanism for confirming the identity of the users [32]. The normality of the technology is to protect the users who are legitimate.

The authentication technology is regarded as the pillar of the security protocols like accessibility to the control, detection of the intrusion, security audit, etc. These are the
important components of information security. The authentication technology includes different password-based technology, smart card-based authentication technology, and PKI-based authentication technology. In addition, different authentication technologies have been introduced based on different biological characteristics of humans [33].

Traditional authentication technology has already adopted a centralized authentication method. The Certificate Authority (CA) is responsible for executing the authentication technology to realize the functions of issuing, revoking, updating, and verifying certificates. Nowadays, web-based application systems like email, portal, and messaging applications stand purely upon the CA mode. On the other hand, this is a big risk, since crackers can crack the CA center to crack the encrypted information.

Blockchain-based authentication of identity is built purely on the technology of blockchain. It has the characteristics of decentralized authentication, and it does not create any threats to the CA. In addition, releasing a blockchain key can surely disrupt any action of a fake secret key. Now, a project from MIT named “certain” is one of the best examples of implementing PKI upon blockchain technology. The certain can remove the centralized CA and replace it with a distributed ledger by utilizing the blockchain. Moreover, Pomcor has already marketed an implementation of PKI based on the blockchain.

The approach permits the users to authenticate certification via decentralized and transparent sources of the user. The IOTA project leverages Tangle, a lightweight, blockless, and scalable ledger, to act as the standing pillar of the IoT [34].
1.11.2 Protection of the Infrastructure

A DDoS attack uses many different computers as an attack platform with assistance provided by Client/Server (C/S) technology [35].

Denial of Service (DoS) targets availability, one of the three components related to the security of information: usability, confidentiality, and integrity. The attack mode uses a defect in the system network to consume resources, so that the target is unable to give the expected service to users. The basic type of DoS attack consumes huge resources by flooding the target with service requests, so that legitimate users might not get a prompt response from the service [34]. The attack might target the memory, CPU, and bandwidth where the performance indicator is relatively low. A DoS attack is made one-on-one. Since network and computer technology are developing day by day, DoS attacks are less likely to occur. The reason behind that is the increasing power of computer processors and increased memory and bandwidth.

1.12 DATA SECURITY IN BLOCKCHAIN

Data is being built on the exact foundation of that application system. For the method of cryptography, the digital signature creates a new set of information, embedded into the data file, that depicts the integrity of the data and the identity of the signer [36]. The user
is responsible for confirming the signature by using the public key of the signer to authenticate the information.

Generally, the private key is used because of the digital signature technique for the recipients. A problem is that the private key needs to be verified to see that it has not been fabricated or tampered with. As blockchain technology is developing, usage of this technology to replace the data signature can help to replace classified information with total transparency. That can increase the cost of tampering with data; hence, it is impossible to alter data without being caught [36].

1.13 DISCUSSION

Blockchain is one of the leading and emerging technologies in the 21st century. The overall theory of blockchain technology has given us insight into this decentralized technology. A number of previous literature reviews have helped us identify the number of possible improvements and concerns that can be considered in the future. Undoubtedly, Bitcoin technology has been researched and investigated on a broader scale. This has allowed studying this technology further toward the future perspective while considering the number of blockchain applications.

According to the researchers and investigators, this technology has a number of characteristics that bring many advantages and that are fairly well suited to be used in the financial sector. Blockchain technology has already been implemented on a larger scale in cryptography and other information technology sectors. However, there are still limitations to implementing this technology on a large scale during this era of the modern world. The experts are still hopeful that blockchain technology will make future contributions due to the immense advancements and the development in the Internet industry.

Blockchain technology uses cryptography to make a system more secure and transparent.
This technology was designed for digital currency such as Bitcoin and Ripple. We can send this digital money to anyone. It doesn’t have any physical worth. It stores information or data over the network to make it a centralized or distributed system so that anyone can access it. There are a number of blocks in blockchain technology that contain all data. It provides an open, decentralized database for money, goods, or work transactions. Blockchain has a vast network of nodes and for the execution of transactions, it uses different clients, transactions like relaying and validating. The blockchain is one of the emerging technologies of this century, and many researchers and investigators are putting their efforts into getting the best possible deal out of it. Its tremendous advantages and useful implications in a number of different areas can never be ignored.

1.14 ALGORITHMS

Blockchain technology uses different consensus algorithms. A consensus algorithm is a technique or a process in the computer field to attain the goal among distributed systems. Different consensus algorithms are used to achieve the results, i.e., Paxos,
Chubby (a Google-implemented distributed service) and PoW. The PoW algorithm is used in blockchain technology to secure the Bitcoin blockchain and it can be used to get consensus between different nodes. There are some other methods and algorithms used in blockchain technology for getting a good result: Proof of Stake, DPoS, and PBFT. The Proof of Stake method is used to mine the transactions according to the coins you hold. It means that you have more power in mining if you have more coins. We can say that mining power under the Proof of Stake method is directly proportional to your coins. Peercoin was the first coin that used the Proof of Stake method. The DPoS method is used to solve the scalability issues that users faced in the blockchain. EOS, BitShares, and Steem used this method. DPoS has also sped up the transactions and creation of blocks. Byzantine Fault Tolerance defines the system which permits the class of failure from the Byzantine Generals’ Problem. The most difficult class of failure modes is a Byzantine failure because a node can generate any garbage value during the transactions, which is very difficult to handle.

1.15 USER ROLES IN BLOCKCHAIN PROJECT

There are three different types of user roles in a blockchain project: Application Developer, Solution Administrator, and Business Network Participant. The Application Developer develops the application that interacts with the ledger, modeling the business network and implementing the script files that define transaction behavior. The Solution Administrator provides the target environment, deploying the business application and managing the blockchain. The Business Network Participant runs an end-user application that invokes transactions, is aware of business concepts such as assets, participants, and transactions, but may not be aware of the blockchain underpinning.
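To make concrete the tamper-cost claim of Section 1.12 and the proof-of-work description in Section 1.14, the following Python example (added here, not code from the chapter) builds a small hash-linked chain, detects an edited block, and counts the hashing work needed to make the edit validate again. The block layout, the 12-bit difficulty, the function names, and the sample records are assumptions chosen for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # stand-in "previous hash" for the first block
DIFFICULTY_BITS = 12     # assumed toy difficulty: 12 leading zero bits

# Constructed sample transactions, not real ledger data.
SAMPLE_RECORDS = ["alice pays bob 5", "bob pays carol 2",
                  "carol pays dave 1", "dave pays alice 3"]


def block_hash(index, prev_hash, data, nonce):
    """SHA-256 over a canonical encoding of the block's fields."""
    payload = json.dumps([index, prev_hash, data, nonce], separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def meets_target(hex_digest, bits=DIFFICULTY_BITS):
    """True if the 256-bit digest has at least `bits` leading zero bits."""
    return int(hex_digest, 16) >> (256 - bits) == 0


def mine(index, prev_hash, data, bits=DIFFICULTY_BITS):
    """Try nonces until the block hash meets the target.

    Returns (block, attempts) so callers can see how much work was spent.
    """
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, data, nonce)
        if meets_target(digest, bits):
            block = {"index": index, "prev_hash": prev_hash, "data": data,
                     "nonce": nonce, "hash": digest}
            return block, nonce + 1
        nonce += 1


def build_chain(records, bits=DIFFICULTY_BITS):
    """Mine one block per record, each committing to its predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for i, record in enumerate(records):
        block, _ = mine(i, prev, record, bits)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain, bits=DIFFICULTY_BITS):
    """Index of the first block that fails validation, or None if all pass."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["index"], b["prev_hash"], b["data"], b["nonce"])
        if (b["index"] != i or b["prev_hash"] != prev
                or digest != b["hash"] or not meets_target(digest, bits)):
            return i
        prev = b["hash"]
    return None


def rework_cost(chain, position, new_data, bits=DIFFICULTY_BITS):
    """Work needed for an edit at `position` to pass validation again.

    Every block from `position` to the tip must be re-mined, because each
    block's hash is an input to the next. Returns (new_chain, attempts).
    """
    new_chain = [dict(b) for b in chain[:position]]
    prev = new_chain[-1]["hash"] if new_chain else GENESIS_PREV
    attempts = 0
    for i in range(position, len(chain)):
        data = new_data if i == position else chain[i]["data"]
        block, tries = mine(i, prev, data, bits)
        attempts += tries
        new_chain.append(block)
        prev = block["hash"]
    return new_chain, attempts


if __name__ == "__main__":
    ledger = build_chain(SAMPLE_RECORDS)
    print("honest chain valid:", first_invalid(ledger) is None)

    edited = [dict(b) for b in ledger]
    edited[1]["data"] = "bob pays carol 200"
    print("edit detected at block:", first_invalid(edited))

    _, work = rework_cost(ledger, 1, "bob pays carol 200")
    print("hash attempts to re-mine blocks 1..3:", work)
```

Each extra bit in `DIFFICULTY_BITS` doubles the expected number of attempts per block, which is how proof-of-work puts a price on rewriting history.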
1.16 DEVELOPER CONCEPTS

The application concept provides the user’s front-end and may require different applications per participant. Furthermore, it interacts with the registries that persist on the blockchain to add, delete, update, and query them. It also connects to the blockchain via JavaScript client libraries (SDK) or REST. The model concept provides a domain-specific language (.CTO) that defines the type structure of assets, participants, and transactions. Moreover, it aims to match how we talk about business networks in the real world. The script concept provides the implementation of transaction processor logic specified in JavaScript. Further, it is designed for any reasonable JavaScript developer to pick up easily.

In terms of security, blockchain technology has a number of vulnerabilities, which must be considered. Although this technology is decentralized from the
government agencies, in terms of its dependence on technology it depends on the Internet platform for accessing resources like databases and other authentication systems. While blockchain technology has given people great confidence through its very strong cryptography, once a transaction has been performed it is unchangeable and cannot be reversed.

Another major consideration about the blockchain infrastructure, which also includes the Bitcoin system, is that the system is highly available because the blockchain system is decentralized. It doesn’t hold any centralized server, making it resistant to DDoS attacks. Therefore, this technology is highly acceptable for people.

1.17 CONCLUSION

This technology can devise a new perspective on trading technologies like the security of the password, decentralized coherence, sharing the public accounts, and the visibility of the control as well as the permissions. It surely can create a new society by exchanging different tangible or intangible assets. Due to its security features, its acceptance among people is getting better each day and it is boosting users’ confidence to get themselves involved.

In the past, Bitcoin technology used to be considered the only innovation in the Bitcoin platform; however, during the current era, it can be seen very clearly that blockchain technology is expanding its horizon toward many other sectors, bringing innovation to many areas. This technology has shown a great transformation of conventional industry into a much better technological platform with security, persistence, and accuracy features. Decentralization and anonymity also remained the best features of this technology.
Currently, blockchain technologies are booming at an exponential rate and research and investigation are still being carried out to ensure the maximum confidence of people in this technology. Its applications are expanding in various areas of IT, which typically include the sector of IoT and other financial and trading sectors. Despite some challenges and issues related to the blockchain network, its ultimate advantages can never be ignored. The world is seen to be moving toward this technology to get more optimal solutions. Researchers are putting more effort into making this platform more organized and secure such that any kind of illegal activities could be prevented.

ACKNOWLEDGMENT

This research chapter results from our mutual collaboration of participating actively in all the tasks. We would really like to thank our lecturers for their outstanding guidance and concerns throughout our work, who remained the guiding star for us. Without their engagement and personal interest, this wouldn’t have been possible.
We are also very grateful to the rest of the university staff members, who have given us the environment and space where we can get access to modern learning resources, whether it is a library or the virtual platform of the University of Bedfordshire, Luton, UK. We would also like to thank the rest of our classmates, who have guided us when we have required any help in anything.

REFERENCES

1. “Beyond bitcoin: emerging applications for blockchain technology”, NIST, 2018 [Online]. Available: https://www.nist.gov/speech-testimony/beyond-bitcoin-emerging-applications-blockchain-technology. [Accessed: 05 July 2018].
2. E. Zukerman, “Bitcoin reviewed: clever, controversial financial/social experiment”, PCWorld, 2018 [Online]. Available: https://www.pcworld.com/article/230594/Bitcoin.html. [Accessed: 02 Jul 2018].
3. Yuan Yong and Wang Fei-Yue, “Blockchain: the state of the art and future trends”, Acta Automatica Sinica, J. 2016, 42(4): 481–494.
4. S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system”, Consulted. 2009. https://bitcoin.org/en/bitcoin-paper
5. K. Biswas and V. Muthukkumarasamy, “Securing smart cities using blockchain technology”, in 18th IEEE International Conference on High Performance Computing and Communications, 14th IEEE International Conference on Smart City and 2nd IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016, December 12–14, 2016, pp. 1392–1393.
6. P. T. S. Liu, “Medical record system using blockchain, big data and tokenization”, in 18th International Conference on Information and Communications Security, ICICS 2016, November 29–December 2, 2016, pp. 254–261.
7. Y. Xiao, H. Wang, D. Jin, M. Li, and J. Wei, “Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk control”, Journal of Medical Systems. 2016, 40: 218.
8. D.
Kraft, “Difficulty control for blockchain-based consensus systems”, Peer-to-Peer Networking and Applications. 2016, 9: 397–413.
9. M. Vukolić, “The quest for scalable blockchain fabric: proof-of-work vs. BFT replication”, in IFIP WG 11.4 International Workshop on Open Problems in Network Security, iNetSec 2015, October 29, 2015–October 29, 2015, 2016, pp. 112–125.
10. F. Idelberger, G. Governatori, R. Riveret, and G. Sartor, Evaluation of logic-based smart contracts for blockchain systems, Springer, Cham, Switzerland, 2016, pp. 167–183.
11. L. Lamport, R. Shostak, and M. Pease, “The Byzantine Generals’ Problem”, ACM Transactions on Programming Languages Systems. 1982, 4: 382–401.
12. A. Back, “Hashcash – a denial of service counter-measure”, in USENIX Technical Conference, 2002.
13. S. King and S. Nadal, “PPCoin: peer-to-peer crypto-currency with proof-of-stake”, 2012.
14. Nxtwiki, “Whitepaper:Nxt”, 2015.
15. P. Vasin, “BlackCoin’s Proof-of-Stake Protocol v2”.
16. https://bitshares.org/
17. https://bitshares.org/technology/delegated-proof-of-stake-consensus/
18. M. Castro and B. Liskov, “Practical Byzantine Fault Tolerance”, in Symposium on Operating Systems Design and Implementation, 1999, pp. 173–186.
19. L. Lamport, “The part-time parliament”, ACM Transactions on Computer Systems. 1998, 16: 133–169.
20. L. Lamport, “Paxos made simple”, ACM SIGACT News. 2001, 32, 51–58.
21. D. Ongaro and J. Ousterhout, “In search of an understandable consensus algorithm”, Draft of October 2013.
22. Brennon Slattery, “U.S. Senators want to shut down bitcoins, currency of Internet drug trade”, Jun 2011. Available: http://www.pcworld.com/article/230084/
23. Jonathan Todd Barker, “Why is bitcoin’s value so volatile?”, May 2014. Available: http://www.investopedia.com/articles/investing/052014/whybitcoins-value-so-volatile.asp
24. Jeni Tennison, “What is the impact of blockchains on privacy?”, Nov 2012. Available: https://theodi.org/blog/impact-of-blockchains-on-privacy
25. N. M. Hamza, R. A. Sarker, D. Essam, K. Deb, and S. M. Elsayed, “A constraint consensus memetic algorithm for solving constrained optimization problems”, Engineering Optimization. 2014, 46(11): 1447–1464.
26. J. Zhang, V. S. Sheng, Q. Li, J. Wu, and X. Wu, “Consensus algorithms for biased labeling in crowdsourcing”, Information Sciences. 2017, 382: 254–273.
27. Yuan Yong and Wang Fei-Yue, “Blockchain: the state of the art and future trends”, Acta Automatica Sinica, J. 2016, 42(4): 481–494.
28. Mei Haitao and Liu Jie, “Industry present situation, existing problems and strategy suggestion of blockchain”, Journal of Telecommunications Science. 2016, 32(11): 134–138.
29. S. Nakamoto, “Bitcoin: a peer-to-peer electronic cash system”, Journal of Consulted. 2008. https://bitcoin.org/en/bitcoin-paper
30. Melanie Swan and Xiao Feng, Blockchain: New Economy Blueprint and Guide, M. New Star Press, USA. 2016: 1–4.
31. Lin Xiaochi and Hu Yeqianwen, “A summary of blockchain technology”, Journal of Financial Market Research. 2016, 4(2): 97–109.
32.
Liang Liu, Information security technology research in B2B e-commerce application system, D. North China University of Technology, China, 2013.
33. Kong Gongsheng, “Advances on secure authentication and trusted admission protocols for cloud computing”, Journal of Henan University. 2017.
34. Zhang Yi-fan and Dong Xiao-ju, “Visualization analysis and design of DDoS attack”, Chinese Journal of Network and Information Security. 2017, 3(2): 53–65.
35. Li Yang, Xin Yonghui, Han Yanni, Li Weiyuan, and Xu Zhen, “A survey of DoS attack in content centric networking”, Journal of Cyber Security. 2017, 2(1): 91–108.
36. Lu Rongbo, Analysis and design of proxy signatures and group signatures, Southwest Jiaotong University, China, 2006.
DOI: 10.1201/9781003278207-3

2 IoT-Based Secure Smart Healthcare Solutions

C.M. Naga Sudha
Department of Computer Technology, Anna University–MIT Campus, Chennai, India

K. Gokulakrishnan
Department of Electronics and Communication Engineering, Anna University–Regional Campus Tirunelveli, India

J. Jesu Vedha Nayahi
Department of Computer Science and Engineering, Anna University–Regional Campus, Tirunelveli, India

Contents

2.1 Introduction
2.2 IoT Healthcare Systems
  2.2.1 IoT Healthcare Technologies
  2.2.2 IoT Healthcare Policies
    2.2.2.1 India
    2.2.2.2 Australia
    2.2.2.3 Japan
    2.2.2.4 France
    2.2.2.5 Sweden
    2.2.2.6 Germany
    2.2.2.7 Korea
    2.2.2.8 China
    2.2.2.9 The US
    2.2.2.10 The EU
    2.2.2.11 The World Health Organization
2.3 Heterogeneous IoT
  2.3.1 Application Layer
  2.3.2 Cloud Computing Layer
  2.3.3 Networking Layer
  2.3.4 Sensing Layer
2.4 IoHT Services and Applications
  2.4.1 IoHT Services
    2.4.1.1 Ambient assisted living
    2.4.1.2 Adverse drug reaction (ADR)
    2.4.1.3 Children health information (CHI)
  2.4.2 IoHT Applications
    2.4.2.1 Medication management
    2.4.2.2 Wheelchair management
    2.4.2.3 Body temperature monitoring
2.5 IoHT Security
  2.5.1 Security Requirements
  2.5.2 Security Challenges
2.6 Role of Blockchain in Healthcare
2.7 IoHT Industry Status
2.8 Open Issues on IoHT
  2.8.1 Standardization
  2.8.2 IoT Healthcare Platforms
  2.8.3 Cost Analysis
  2.8.4 Application Development
  2.8.5 Technology Transition
  2.8.6 The Low-Power Protocol
  2.8.7 Network Type
  2.8.8 Scalability
  2.8.9 New Diseases and Disorders
  2.8.10 The Business Model
  2.8.11 The Quality of Service (QoS)
  2.8.12 Data Protection
2.9 Conclusion
References
2.1 INTRODUCTION

The Internet of Things (IoT) is mainly termed the Internet of Medical Things (IoMT) in the healthcare sector. It is considered as an integration of medical devices and software applications. Healthcare services that are possible in the medical field are known from the symbolic representation of functionalities of the body, as shown in Figure 2.1. Recently, IoMT and IoT have had an enormous set of applications. This is made possible by the rise in mobile devices designed with near field communication (NFC) to interact with the IT systems. IoMT applications consist of numerous facilities such as medication tracking, remote patient monitoring, and wearable devices to transmit health problems to the respective health professionals. Health data is transmitted efficiently with their enhanced data collection and analysis ability. Healthcare sectors have gained more focus on IoMT technologies through which the medical organizations, innovators, and government bodies are working to reduce loads of healthcare entities.

Internet of Health Things (IoHT) is developed with IoT-based solutions which can form a network architecture that can initiate the interaction between the patient and healthcare facilities. Electrocardiography, electroencephalogram, heart rate, diabetes, and other monitoring devices such as biomedical sensors are considered IoHT devices. These biomedical sensors are applied for pulse detection, measuring the airflow during breathing, oxygen level in blood, glucometer (measuring the glucose level), body temperature, and electromyography (measuring the electrical activity of skeletal muscles). Patient data is collected by sensors and processed through applications. These applications are used by the user terminals like smartphones, smartwatches, computers, or even embedded devices.
FIGURE 2.1 IoMT.

These terminals are connected to the gateways by short-range communication protocols, namely, 6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks) or Bluetooth Low Energy (BLE) over IEEE 802.15.4 standards. Gateways are connected to the cloud for the services connected with the processing and storage [1, 2]. Patient data can also be stored in electronic health records, which
will help doctors access the history of patient health details. These can assist all sorts of people, namely pediatric, elderly, and patients with chronic diseases. The health sector has attained rapid development among the IoT-based systems.

The organization of the chapter is as follows: IoT Healthcare System and IoT Healthcare Technologies are described in Sections 2.2 and 2.2.1. IoT healthcare policies of some countries are explained in Section 2.2.2. Heterogeneous IoT is described along with the architecture in Section 2.3. IoHT services and applications are outlined in Section 2.4. IoHT Security is described in Section 2.5. Role of Blockchain in Healthcare is explained in Section 2.6. IoHT Industry Status is described in Section 2.7. Finally, the chapter ends with the open issues in IoHT, which are explained in Section 2.8.

2.2 IoT HEALTHCARE SYSTEMS

In the current healthcare systems, offering low-cost services efficiently is challenging. This is more pronounced when more aged citizens are affected by various diseases, demanding better healthcare recovery mechanisms. Due to the lack of resources in cities and rural areas, it can be tough to provide suitable treatment. Hence, the healthcare system needs changes for the transformation into a smart healthcare system. Wearable sensors and devices are integrated with smart healthcare systems designed for smart emergency systems and smart hospitals. Sensor nodes can be installed inside or adjacent to the patient’s body. Activity recognition, anomaly detection, behavioral pattern discovery, and decision support are some of the technologies to be integrated with the sensor networks [3, 4].

Intel and Dell have collaborated and launched a smart healthcare system in Saensuk city, Thailand, in January 2016. These corporate companies have initiated providing health services to the citizens.
As an initial step, the project focuses on old-aged people, who form most of the city population. These patients are provided with Bluetooth-enabled devices involved in collecting and investigating the data regarding their activities such as sleeping movements and walking. The collected data are sent to the central cloud system to contact medical practitioners to provide instant action based on conditions. Data collection plays an important role in smart city development through different tools and techniques. Various sensor devices are employed in sensor networks which help in data collection. These sensors include smart emergency sensors, smart health systems, and sensors for traffic management [5–7].

2.2.1 IoT Healthcare Technologies

IoT-based healthcare solutions are increasing day by day and therefore filtering the solutions becomes a tedious task. Core technologies that have the potential for the evolution of IoT-based healthcare solutions are discussed in this section [8–13].

• Cloud Computing: Integrating cloud computing into IoT healthcare technologies gives predominant access to shared resources. Services were offered
based on the request over the network and operations were executed to meet the needs.
• Grid Computing: Introducing grid computing in the healthcare networks helps to improve the computational capability of medical sensor nodes. Grid computing, the backbone of cloud computing, is more accurate than cluster computing.
• Edge Computing/Fog Computing: Edge computing helps analyze and streamline the network traffic from the IoT devices. It also plays an important role in implementing real-time local data analysis. Fog computing provides the platform for the devices to operate during critical analysis, eliminating cloud storage processes.
• Data Streams: Data streaming is defined as a process where real-time data are processed to extract useful information from it. It means that the continuous stream of unstructured data is processed for analysis in memory before storing it on disk.
• Big Data: An enormous amount of healthcare data is generated by various medical sensors, which increases the efficiency and relevance of healthcare diagnosis and monitoring methods.
• Networks: In the IoT-based healthcare network, short-range communications such as WBAN, WLAN, WPANs, WSN, and 6LoWPAN, and long-range communications, are included in the physical infrastructure. For designing low-power medical sensor devices and communication protocols, ultra-wideband (UWB), BLE, NFC, and RFID technologies were used.
• Ambient Intelligence: The application of ambient intelligence is crucial to humans. In a healthcare network, the humans involved are end-users, clients and customers, patients, or health-conscious individuals. Ambient intelligence allows the continuous learning of human behavior and the execution of any required action triggered by a recognized event.
The potentiality of IoT-aided healthcare services can be enhanced by amalgamating autonomous control and human–computer interaction (HCI) technologies into ambient intelligence.
• Augmented Reality: In healthcare engineering, augmented reality plays a vital role in IoT. Augmented reality has its applications in the field of surgery and remote monitoring.
• Wearables: By adopting wearable medical devices to identify landmarks, patient engagement and population health improvements can be facilitated. The three major interests are connected information, target-oriented healthcare communities, and gamification.

2.2.2 IoT Healthcare Policies

Evidence-based policies and technologies play a vital role in all practical implementations. Although IoT healthcare services are still to be addressed across the world, e-health policies are a key goal for many policy initiatives. If someone intends to develop
both IoT and healthcare policies, then it means the policies will be based on IoT-based healthcare services. The countries and organizations and their forwarding direction in both IoT and eHealth policies and strategies are discussed in this section.

2.2.2.1 India

In the health sector, to enhance the role of information and communication technology (ICT), India introduced an eHealth policy between 2000 and 2002 to provide comprehensive guidelines in the healthcare field. Recommendations are provided for the country’s information technology (IT) infrastructure (2003) and also for the formation of a telemedicine task force (2005). To transform India into a digitally empowered society and a country with a knowledge-based economy, various initiatives have been implemented by the Indian government as part of the Digital India Program [14]. To develop 100 smart cities, a budget of Rs. 70.6 billion has been allotted by the Indian government. India’s ambitious plan was to raise the number of connected devices by over 2.7 billion and to create a $15 billion IoT industry by 2020. In India’s healthcare sector, all these efforts are expected to make a great impact [15].

2.2.2.2 Australia

To guide national coordination and collaboration in eHealth, a framework was developed by the Australian health minister in 2008. A strategic framework was developed based on a series of national consultation initiatives including commonwealth, state and territory governments, general practitioners, medical specialists, nursing and allied health, pathology, radiology, pharmacy sectors, health information specialists, health service managers, researchers, scholars, and consumers. In addition to this, the Australian government developed a strategic plan for IoT [16].
2.2.2.3 Japan

To motivate the realization of network access ubiquity, the u-Japan Policy was developed by Japan’s Ministry of Internal Affairs and Communications (MIC) in 2004 [17]. For eHealth-friendly policies, some recommendations have been made by the Japanese government, which focused on cost savings and improved clinical outcomes [18].

2.2.2.4 France

For the advancement of the IoT, in 2008 the French government supported the creation of an object-naming service (ONS) root server. Every product is uniquely identified using global standards since they registered with GS1 France. Through domestic ONS nodes and portals, the information on these products was enabled. Since the product data are accurate, authentic, and uniform, the customers were convinced. Telemedicine services are widespread at the regional level and stimulate eHealth policy improvement in France. Legislation in 2004 introduced electronic health records [19]. With the superintendent of solutions for challenges in semantic interoperability and the use of
eHealth, the government has worked on the furtherance of IT infrastructure of hospitals. Regarding this, the “Hopitaux 2012” plan and the Law on Hospitals, Patients, Health and Territory (HPST) are worth noting.

2.2.2.5 Sweden

Networking was enabled for all physical objects through the Internet by enhancing IoT. For the headway of IoT, an Object Naming Service (ONS) root server was jointly developed by Global Standards 1 (GS1) Sweden and SE, which SE announced in July 2010. The Swedish “National Strategy for eHealth” provided a detailed set of action areas and statements [20].

2.2.2.6 Germany

The core eHealth activities of Germany were expressed in governing legislation in 2003. Germany aims to become a leader in the engineering and manufacturing sector, including the IoT domain [21]. INDUSTRY 4.0 is the strategic initiative that helps achieve this goal according to the HighTech Strategy 2020 action plan.

2.2.2.7 Korea

By 2020, the domestic market for IoT has achieved KRW 30 trillion ($28.9 billion), which was previously planned as 2.3 trillion in 2013. The government established an open IoT ecosystem in May 2014 to develop IoT services and products. Service, platform, network, device, and IT security sectors are parts of an open IoT ecosystem. In 2008, to enhance eHealth’s inclusiveness and fair access, Korea introduced policies. Electronic medical records, ePrescription, and telemedicine were introduced in the healthcare sector, which drives the use of ICT [22].

2.2.2.8 China

In July 2020, China’s Ministry of Industry and Information Technology (MIIT) announced that a unified national strategic plan for the IoT would be promoted. The Chinese government decided that MIIT would establish measures to introduce IoT, facilitate R&D and commercialization, and create foundational technologies, network connections and usage.
These measures are expected to motivate the development of IoT. China’s “eHealth Development Strategy 2003–2010” has attracted rising investment interest [23].

2.2.2.9 The US

IoT’s policy and regulatory implications were discussed by the Federal Trade Commission (FTC) in February 2014. The FTC focused on two major areas of IoT: the provision of notice and choice for non-consumer-facing network devices, and how devices that are part of the IoT can be ensured to have reasonable data security.
2.2.2.10 The EU

A European policy for the IoT was devised by Research and Development (RAND) Europe based on the European Commission’s request. From mid- and long-term perspectives, a research team evaluated the policy challenges to be addressed by policymakers. In Europe, for stimulating the development of IoT, some recommendations have been made after examining the policy options. To help the IoT, a resolution was proposed by the European Parliament in June 2010. The EU parliament recommended that the impacts of this technology on health, privacy, and data protection should be thoroughly assessed. As part of this resolution, a consumer enjoys the right to opt for a product that is not equipped or connected. In 2004, the eHealth Action Plan was endorsed by the European Council, and all member states expressed a formal commitment to cooperate in the area of eHealth. The European Commission launched a public consultation initiative in April 2014 for input from interested stakeholders on barriers and the issues regarding mHealth in the EU [24].

2.2.2.11 The World Health Organization

For a wide range of public health initiatives, mobile phones are used in both developed and developing countries. In developing countries, an initiative was taken to encourage Mobile Health (mHealth) for tobacco control (WHO, 2011). Text messages (SMS) were used in most eHealth projects in developing countries to increase awareness and for communication campaigns, and they focused mainly on HIV, malaria, and MCH. All target countries have been advised to consolidate ICT in their national health information systems and infrastructure by 2015.

2.3 HETEROGENEOUS IoT

Heterogeneous IoT is a predominant area among research fields, impacting every individual’s lifestyle.
These are implemented in various fields such as security systems, smart cities, vehicular ad-hoc network (VANET), smart homes, manufacturing, and environmental monitoring. It can offer numerous reliable amenities to our lives depending on the applications developed. Heterogeneous IoT is designed with the help of mobile networks (3G, 4G, 5G), VANET, WiFi, and wireless sensor networks (WSN). These combinations of architectures assist in obtaining the information anytime and anywhere. The overall setup is connected to the cloud servers via satellites or the Internet, which plays a vital role in transmitting the information to the server toward the processing stage. Servers can collect enormous amounts of information to control the smart entities. IoT is termed a developing paradigm where the various heterogeneous systems are interconnected with four layers, namely, application, cloud computing, networking, and sensing layers. Entities are controlled by themselves where they are scalable. Due to the sensing devices and system architectures, heterogeneous IoT is incorporated in almost every application aspect of life. Heterogeneous IoT architecture comprising four layers is described in Figure 2.2 [25].
FIGURE 2.2 A heterogeneous IoT architecture.

2.3.1 Application Layer

Heterogeneous IoT can support numerous applications such as VANET, WiFi, and WSN. Mobile users are free to communicate using various applications, namely WhatsApp, Line, Yahoo Messenger, WeChat, and Facebook Messenger, which helps monitor emergency traffic situations. Smart devices, cars, or humans connected to the applications will take respective decisions based on traffic information. WiFi can adapt to various protocols and so it is deployed in smart homes, smart healthcare, and smart city systems. WSN helps observe environmental entities such as humidity, temperature, light, and smoke, to name a few. Smart appliances are utilized in everyday life, which requires simple and easy interfaces for the applications to be used effectively [26].

2.3.2 Cloud Computing Layer

The cloud computing layer helps retrieve and execute the information gained from underlying layers. Cloud computing can handle a large amount of information more accurately. This is made possible by its storage capacity; cloud servers are also capable of making decisions based on the information gathered. Additionally, heterogeneous IoT applications take actions based on emergency-aware mechanisms. As data keeps growing, decision-making through cloud computing will take more time. Cloud computing has enhanced its heterogeneity power compared to middleware because of prevailing systematic computing capabilities. Different operating systems and a variety of network protocols could be differentiated by middleware
  • 49. 34 Security Engineering for Embedded and Cyber-Physical Systems to provide high-quality service for several kinds of applications. This will be hard to obtain interoperability because of the scheme used by most common middleware ser- vices. Because of the mismatched schemes of the subsystems, the middleware services have shortcomings of memory overhead and time delay constraints. In a specific style, the communication between the heterogeneous networks through cloud server acts as an abstract layer [27]. 2.3.3 Networking Layer Networking layer helps in movement of data between the sender and receiver. Major topologies like tree, star, scale-free, and hybrid for higher data transfer are offered. Through supernodes, sink nodes, and other communication entities, the data is trans- ferred to the cloud server with the help of network structures and also through resource- ful network strategies. In heterogeneous IoT, different kinds of protocols for routing have been designed. Data throughput, energy consumption, and malicious attacks were challenges faced by network topologies. In case of a node failure, some self-structured protocols help to improve the strength of network topologies. A high potential of data transfers is required to move a large amount of information to cloud servers in hetero- geneous IoT. The network’s lifetime in the heterogeneous IoT, hazardous locations, is extended using energy-saving protocols deployed [28]. 2.3.4 Sensing Layer For decision-making, the data from different nodes are collected and given to the cloud servers with the help of various sensors in the sensing layer. A huge number of sensors are located in a specific location to transmit data and thus the topology is formed. Sink, sensor, and management nodes are parts of the conventional network. Retrieving the data from sensor nodes and converting them to a multichip communication style will be performed by the sink node. 
Management nodes were used to administer the sensor network and observe activities initiated by them. The network structure will be changed if some nodes die or disappear quickly due to energy exhaustion and environmental effects. By choosing the power management and backbone node, unnecessary wireless communication links were subtracted. This helps to ensure the network connectivity and potential network model for data transfer. Several algorithms and mechanisms have been proposed for strengthening the network. Several different sensors in a heterogeneous IoT model exist to handle malicious nodes. Smart sensors are located to improve the privacy of heterogeneous IoT devices, since they lack privacy. Since 1999, IoT has rapidly penetrated various fields like industry, agriculture, smart homes, transportation, and healthcare. The purchase of materials, stocks, and auctions uses heterogeneous IoT applications and industrial productions use supply chain management [29, 30].

• IoT devices are used in agriculture to sense the greenhouse temperature, soil conditions, humidity, and other environmental factors.
• IoT devices are used in smart homes to enhance home safety and provide a pleasant living environment.
• To simplify data gathering, its execution, distribution, and travel exploration, intelligent transportation will be useful in vehicular communication.

IoT devices also significantly impact healthcare, varying from primary patient investigation to operation theatre (OT). To enhance wearable smart devices, heterogeneous IoT has been stimulated and a new trend of mobile health has been revealed.

2.4 IoHT SERVICES AND APPLICATIONS

IoT-based healthcare services, including pediatric and older nursing, chronic disorders surveillance, private health, and wellness management, are relevant to different sectors. Applications shall also be split into two groups:

• Single condition
• Clustered condition

An application with a single diagnosis refers to a particular disorder or infirmity, and an application with a clustering treatment encompasses a variety of illnesses or disorders together in their entity.

2.4.1 IoHT Services

IoT has been designed to offer continuous facilities in which each provider has delivered a selection of healthcare strategies. No common definition of IoT facilities exists in the field of healthcare. However, some situations may not critically separate service from a different method. General resources and protocols that could be required for IoT structures require small improvements in the proper operation of these facilities in medical scenarios. These include notification services, resource-sharing services, Internet facilities, heterogeneous computer cross-connection protocols, and large networking protocols. Various forms of IoT healthcare services are discussed as follows [31–33].

2.4.1.1 Ambient assisted living

IoT platform based on artificial intelligence (AI) techniques helps care for aged people and differently abled people.
These kinds of integration of techniques are termed ambient assisted living (AAL). The ultimate aim of AAL is to provide an independent life to older adults in their comfortable zone of living. It gives a human-servant-like assisted living which will make them feel happy and comfortable. AAL works on 6LoWPAN, RFID, and near-field communication (NFC), which applies for passive communication. As researchers are more eagerly involved in developing smart objects, Keep-in-Touch smart objects have triggered them in multi-dimensions on deploying the application.

2.4.1.2 Adverse drug reaction (ADR)

ADR is caused due to the injury caused by medications provided. Nowadays, more people suffer from the side effects of medications that physicians recommend. ADR helps reduce the reversal reactions of medicines with the help of barcode or NFC-enabled devices. This pharmaceutical intelligent information system helps map medications to the patient’s allergy profile and prescribes the respective medicines.

2.4.1.3 Children health information (CHI)

In the present pandemic situation, children’s health has to be taken care of in a crucial manner. Therefore, IoT researchers are developing an interactive totem placed in the pediatric ward to offer CHI services and provide guidance on emotional, mental health problems. IoT-based health services are encouraged to acquire nutritional habits for teachers and parents.

2.4.2 IoHT Applications

IoT software should be given more consideration in comparison to IoT facilities. Services are used to create software while consumers and patients access apps directly. Thus, utilities are developer-centered, whereas apps are user-centered. Present on the market today are numerous gadgets, wearables, and other healthcare products in addition to those uses covered in this segment. These products can be seen as IoT inventions that can contribute to different applications in healthcare. Various IoT applications which are developed to serve the medical fields are presented as follows [34–36].

2.4.2.1 Medication management

To solve the non-compliance problems in the medical field, IoT offers solutions such as I2Pack and iMedBox, which can verify the system with the help of field trials.
IoT-based medication management packaging method has been developed for delamination materials and controlled through wireless communications such as RFID tags.

2.4.2.2 Wheelchair management

Researchers initiated their focus on developing automated smart wheelchairs which help disabled people. It is developed with wireless body area network (WBAN) technology integrated with various sensors. Medical support system connects peer-to-peer network and IoT in controlling chair vibration and helps detect the wheelchair status. It monitors the individual sitting position in the chair and collects all the data from the surrounding along with the location. It has eventually stated that the standard “things” evolved as connected machines which drive the data.
2.4.2.3 Body temperature monitoring

Body temperature plays an essential role in the healthcare services, such as homeostasis (ability to maintain a stable internal state despite the changes in the world outside) maintenance. IoMT verifies body temperature sensor, which is integrated into TelosB mote. It helps measure the temperature variations, which shows the successful operation of medical-related IoT systems. It includes an RFID module that controls temperature recording and transmission of a module for monitoring body temperature.

2.5 IoHT SECURITY

IoT grows rapidly in the medical field, which can be expected to be a mainstream of IoT acceptance in the next few years and prosper with the latest eHealth IoT products and applications. Medical equipment and software can deal with sensitive private data, such as confidential medical records. Moreover, such intelligent systems can always and everywhere be connected to global communication networks. Consequently, an intruder might threaten the IoT health care domain. It is important to define and evaluate various features of IoT protection and privacy, including safety criteria, flaws, hazard models, and countermeasures from a healthcare perspective to promote the complete deployment of IoT within the healthcare sector [37–40].

2.5.1 Security Requirements

IoT-based healthcare strategies are close to the protection criteria of typical communications situations. Confidentiality means that unauthorized people are unable to obtain patient records. Furthermore, classified communications do not cause eavesdroppers to expose their material. Integrity means that the patient records received are not changed by an enemy during transit. Moreover, the completeness of stored data and material should not be impaired. Authentication allows an IoT health device to guarantee the authenticity of the peer.
Availability ensures the sustainability of IoT healthcare systems, either local or global/cloud, even in denial-of-service attacks, to approved parties. The freshness of data requires freshness and critical freshness of data. Because of the IoT health network, metrics can differ over time when newly created messages. The freshness of data essentially assumes that each data set is new and does not repeat old messages from any adversary. Non-repudiation indicates that a node cannot deny a message sent earlier. Authorization means that registered nodes can only reach network facilities or infrastructure. While interconnected health systems are hacked, the network/device/information should be secured from attacks by a protection scheme. In the case of a failure, a network scheme should always have respective security services. An IoT healthcare network medical system may malfunction or lack resources, while other operating devices can allow a minimum degree of protection [41].
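The integrity, authentication, authorization and freshness requirements above can be seen working together in a small gateway check. The following is an added example, not code from the book: the frame layout, device name, key and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Frame layout (an assumption of this example, not a standard):
# 16-byte device id (NUL padded) | 8-byte counter | 4-byte reading | 32-byte tag
HEADER = struct.Struct(">16sQi")
TAG_LEN = hashlib.sha256().digest_size

# Constructed provisioning table: device id -> per-device secret key.
DEVICE_KEYS = {b"temp-sensor-01": bytes.fromhex("a1" * 32)}


class RejectedFrame(Exception):
    """Raised with the reason a frame was refused."""


def seal_reading(device_id, key, counter, centi_celsius):
    """Sensor side: bind identity, counter and value under one HMAC tag."""
    if len(device_id) > 16:
        raise ValueError("device id longer than 16 bytes")
    header = HEADER.pack(device_id.ljust(16, b"\0"), counter, centi_celsius)
    return header + hmac.new(key, header, hashlib.sha256).digest()


class Gateway:
    """Receiver side: accepts a reading only if every requirement holds."""

    def __init__(self, keys):
        self._keys = dict(keys)
        self._last_counter = {}  # highest counter accepted per device

    def accept(self, frame):
        if len(frame) != HEADER.size + TAG_LEN:
            raise RejectedFrame("malformed frame")
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        raw_id, counter, value = HEADER.unpack(header)
        device_id = raw_id.rstrip(b"\0")

        # Authorization: only registered nodes may submit data.
        key = self._keys.get(device_id)
        if key is None:
            raise RejectedFrame("unknown device")

        # Integrity and authentication: constant-time tag comparison.
        expected = hmac.new(key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise RejectedFrame("bad tag")

        # Freshness: checked only after the tag, so a forged frame can
        # never advance the counter and lock out the real sensor.
        if counter <= self._last_counter.get(device_id, -1):
            raise RejectedFrame("stale counter (replay)")
        self._last_counter[device_id] = counter
        return device_id, value


def classify(gateway, frame):
    """Return 'accepted' or the rejection reason for a frame."""
    try:
        gateway.accept(frame)
        return "accepted"
    except RejectedFrame as exc:
        return str(exc)

# Not covered here: a shared-key HMAC gives no non-repudiation (the gateway
# could have produced the tag itself) and no confidentiality; those need
# digital signatures and encryption respectively.
```
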
2.5.2 Security Challenges

As standard protection strategies do not assure IoT security standards, there is a need for innovative countermeasures to comply with current IoT problems. Furthermore, such machines are not designed to carry out costly computing operations. In other words, they are either a sensor or actuators. It is thus a difficult challenge to find a protection solution that minimizes the use of energy and thus maximizes safety efficiency. Most IoT medical devices have no memory on the device. They are enabled by an integrated International Standard Organization (ISO), a device program and an application binary which are enabled. Consequently, the memory cannot be enough to run complex security protocols. A conventional IoT healthcare network includes portable medical instruments with minimal control of the batteries, such as body temperatures sensors and BP sensors; these instruments save energy when the sensor readings are not registered by switching to power-saving mode. Moreover, if nothing is relevant, they run at a low CPU speed. The energy restriction property of IoT health devices also makes it difficult to find an energy-conscious protection approach.

Medical instruments are usually not static but mobile through IoT service providers connected to the Internet. For example, wearables can be linked to the Internet utilizing a wearable body temperature sensor or a heart monitor and the user can note their condition. Those consumer wearables are linked to the home network, where the consumer is linked to the office network. Various networks have different configurations and settings for security. The development of a protective algorithm recognizes versatility and poses a significant challenge. The number of IoT devices has steadily risen, which means that more devices are connected to the global communication network.
Therefore, it is a difficult challenge to build a highly flexible defense framework without violating safety criteria. Healthcare devices are typically connected through various wireless networks, including Zigbee, Z-Wave, Bluetooth, Bluetooth Low Energy, WiFi, GSM, WiMax, and 3G/4G. The capabilities of these networks are less suitable for conventional wired safety systems. Therefore, a robust safety protocol is difficult to locate and can accommodate wired and wireless features equally. Consequently, connecting numerous health devices within an IoT health network is complex, from full-length PCs to low-end RFID tags. Such instruments differ in computing, control, memory, and embedded software depending on their capabilities. Therefore, the task is to build a protection framework that can suit even the most straightforward machines. A health computer can enter wherever and everywhere in the IoT health network. It can either gracefully (with a right acknowledgment of the exit) or disgracefully (abruptly) leave a network. The network topology is complex with medical equipment’s temporal and spatial entry features. For this cause, it is a challenging task to develop a security model for such a complex network topology [42].

A health system can communicate in a proprietary network protocol with other devices in the local network. IoT systems can also connect via the IP network with IoT service providers. Therefore, security experts can’t establish a sound security strategy for multi-protocol communications. Protection protocols must be up-to-date to minimize possible vulnerabilities. Security updates for IoT health devices are also needed.
But it is a daunting challenge to develop a system for the complex implementation of security patches. IoT health equipment’s physical stability is an important aspect. An attacker will access computers, extract encryption secrets, change code, or substitute malicious nodes. Tamper-resistant packaging protects against such threats, but in reality it is impossible to enforce. When an attack occurs from a proximal network healthcare system, the attack is more serious. The expanded attack surface makes IoT health sensors and networks vulnerable to security hits. Furthermore, the malicious or compromised node inside the proximal network is difficult to ascertain.

IoT model continues to evolve, with many other IoT healthcare equipment and facilities planned. In comparison, the attacker can aggressively and deliberately target a health system and network that can use related IoT devices or power supplies like tablets and laptops to enter the network. An intruder will then formulate multiple security vulnerabilities to present potential IoT-medical systems and networks. Some risks are tangible while others can be forecasted and others are impossible to foresee. Different categories of attacks are discussed as follows [43]:

1. Attacks Based on Information Disruptions: An attacker can manipulate or analyze in-transit and saved health data to provide incorrect information and delete the integrity of information. The competitor conducts denial-of-service (DoS) attacks that result in the failure or unavailability of communication connections. This method of intrusion jeopardizes the liability of network hardware. An enemy passes patient information found in communications that violate confidentiality and data protection. An enemy receives unwanted access to patient records to generate chaos and confuse innocent organizations through the IoT health network.
An enemy forges messages by injecting bogus material to undermine the credibility of messages and deceive innocent citizens. An enemy plays back current signals to jeopardize freshness. This further raises misunderstandings and misleads innocent people.

2. Attacks Based on Host Properties: Three types of attacks are initiated based on host assets.
   • Compromise: The reverse entails cheating or stealing the customer’s fitness equipment and networks. Critical material, including passwords, encryption keys, and user data, is exposed in this attack.
   • Hardware compromise: An adverse system tamper and will steal firmware, keys, and data from the software on the computer. An attacker can reprogram malicious coded computers.
   • Software compromise: An intruder exploits the program bugs and weaknesses and causes IoT health systems to malfunction or dysfunction (e.g. buffer overload and depletion of resources).

3. Attacks Based on Network Properties: The method of attack is in two forms: a particular agreement between protocols and layers and a compromise in standard protocol where an attacker deviates from the standard protocols (application and networking protocols) to compromise compatibility, anonymity, honesty, and authenticity. The various types of vulnerabilities that an
CHAPTER I
INTRODUCTORY

The law of copyright in the United States, especially in relation to literary work, is daily becoming of more interest to the owners of copyright in this country. Since the Act of Congress, 1891, commonly known as the Chace Act, those who are neither citizens of nor resident in the United States can acquire a copyright therein if copies of their books are printed from type set up in the United States and if their books are duly recorded there before publication either within or outside the United States. There is thus created for English authors a property which may be of considerable value if before publishing here they incur the trouble and expense of printing and recording their books in America.

Apart from this commercial interest which English authors and publishers have in a knowledge of American copyright law, there is the further interest to English lawyers in the large body of analogous case law to which the American statutes have given rise. These statutes were originally founded on our own statute of Anne, and, although the difference between the Acts now in force in the two countries is very wide in many respects, a great deal remains the same in substance, and the decisions of the American Courts afford us valuable precedents. These cases, however, must not be cited in our Courts at random, as has too frequently been done. In citing from the American reports, it is essential to compare the statutory provisions in America with the statutory provisions in this country, and ascertain whether the decisions are really applicable or not. It is for this reason that I have thought it expedient to keep the American law and the English law entirely separate. The practice of citing American cases promiscuously throughout a treatise on English Copyright Law I have found to be confusing and misleading.
CHAPTER II
WHAT WORKS ARE ENTITLED TO COPYRIGHT

In order to acquire copyright in the United States the work must fulfil the following conditions:

1. It must be an original literary or artistic work.
2. The (owner/author) must be a citizen of the United States (or resident therein), or of a foreign country proclaimed to that intent by the President.[1253]
3. It must have complied with the formalities prescribed by the statutes of the United States.[1254]
4. It must be innocent.[1255]

Section I.—An Original Literary or Artistic Work.

In the United States literary and artistic works are treated similarly under the same series of statutes. The works protected are enumerated in section 4952 of the Revised Statutes as amended by the Act of March 3, 1891 (The Chace Act). The protection extends to any book, map, chart, dramatic or musical composition, engraving, cut, print, or photograph or negative thereof, and to any painting, drawing, chromo, statue, statuary, and to models or designs intended to be perfected as works of the fine arts.

The scope of the Constitution.

In considering whether a work is within the protection of the Copyright Acts, not only must the enacting words of the statutes be considered, but also, and perhaps principally, the scope of the provision in the Constitution, which grants power to Congress to secure the protection of authors and artists.[1256] The language of the Act must be read in connection with the Constitutional provision and be so construed as to promote the object and conform to the purpose expressed therein. The power given to Congress by the Constitution is a power to promote the progress of science and useful arts by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries.

In consideration of this restricted power the earlier decisions[1257] construed the Acts of Congress as including only those works which showed a certain degree of intellectual labour in the arts or sciences. In Clayton v. Stone[1258] protection was refused to a daily price current or review of the markets issued in a newspaper. Thompson, J., in giving judgment, said:

The Act was passed in execution of the power given by Congress, and the object therefore was the promotion of science; and it would certainly be a pretty extraordinary view of the sciences to consider a daily or weekly publication of the state of the market as falling within any class of them. They are of a more fixed, permanent, and durable character. The term science cannot with any propriety be applied to a work of so fluctuating and fugitive a form as that of a newspaper or price current, the subject-matter of which is daily changing, and is of mere temporary use.... The title of the Act of Congress is for the encouragement of learning, and was not intended for the encouragement of mere industry unconnected with learning and the sciences.
This high standard of intellectual requirement was not, however, strictly maintained. In Brightley v. Littleton[1259] a blank form of application for a licence to sell liquor at retail, drawn in pursuance of the statutes in that behalf, was protected, and it was said that, although the matter claiming copyright must be original and possess some possible utility, the originality may be of the lowest order and the utility barely perceptible. In Ladd v. Oxnard[1260] the English cases of Lamb v. Evans[1261] and Leslie v. Young[1262] were cited with approval, and the Court agreed that the quality and grade of original work required by the Courts under the Copyright Statutes are very moderate.

Illustrated Catalogues.

Until the case of Mott v. Clow,[1263] the tendency seems to have been to follow the English judges to their extreme view, as expressed by Lord Halsbury in Walter v. Lane,[1264] i.e. that the copyright law requires neither literary merit nor intellectual labour nor originality either in thought or in language. The Court, however, in Mott v. Clow[1265] refused to follow the English decisions.
After reviewing the American, and particularly the earlier American decisions, they say:

The result of these decisions would seem to place this construction upon the Constitutional provisions under consideration that only such writings and discoveries are included which are the result of intellectual labour; that the term writings may be liberally construed to include designs for engravings and prints that are original and are founded in the creative powers of the mind, the fruits of intellectual labour; that prints upon a single sheet might be considered a book if it otherwise met the spirit of the constitutional provision; and that to be entitled to a copyright, the article must have, by and of itself, some value as a composition, at least to the extent of serving some purpose other than a mere advertisement or designation of the subject to which it is attached.
The book before the Court was a catalogue in the form of a bound volume, containing illustrations of household wares offered for sale, and giving the dimensions and price of each. The Court referred to Maple v. Junior Army and Navy Stores[1266] where a similar catalogue in England was protected.

It is to be observed in this case that it was ruled largely upon the language of the Act of Parliament (5 & 6 Vict. c. 45).... It is to be here remarked that the Parliament of Great Britain, unlike the Congress of the United States, is unlimited in power, and with the construction and effect placed upon the preamble of the Act by the Court, there would seem to be little escape from the conclusion at which the Court arrived. In this country under the Constitution the power lodged with the Congress is not unlimited, but is restricted to the promotion of the progress of science and useful arts. The ruling of the English Court is therefore not pertinent except as it illustrates the subject.

The Court cited with approval Baker v. Selden,[1267] which had expressly approved Cobbett v. Woodward,[1268] an English case overruled in Maple v. Junior Army and Navy Stores;[1269] they further cited and approved the judgment of Thompson, J., in Clayton v. Stone,[1270] quoted above. The judgment concludes with the following paragraph:

It is possibly not beyond comprehension that pictures of slop-sinks, wash-bowls, and bath-tubs, with or without letterpress statement of dimensions and prices, though intended mainly for advertisement, may in localities where such conveniences are not in common use, be the means of instruction and of advancement in knowledge of the arts, and, when they are the products of original intellectual thought, may possibly come within the scope of the Constitutional provision. It is enough for the present purpose to say that, in our judgment, the Congress has not seen fit to enact a law which can reasonably be given so broad a construction.

In considering the authority of some of the cases cited below, the judgment in Mott v. Clow[1271] must not be lost sight of. It is probable that some of these cases are not in accordance with it, or with the older cases, such as Clayton v. Stone[1272] and Baker v. Selden[1273] therein expressly approved. Subject to this note of warning, the following may be taken as examples of what have and what have not been accepted as works of art or literature within the scope of the Constitution and the Acts of Congress.

Directories. Dictionaries.

Directories[1274] and dictionaries[1275] have both been protected. In the case of the latter, there is copyright in the definitions of the words, however short.

Mercantile Statistics.

A list of the credit ratings of marble, granite, and stone dealers of the United States and Canada was protected in Ladd v. Oxnard.[1276] In Clayton v. Stone,[1277] which has been approved as sound law,[1278] a daily state of the market was refused protection. A racing guide containing a list of race-horses and statistics as to their age and performances was protected in one case,[1279] and in the other case a list of trotting horses and their paces.[1280]

Forms of Application.

In Brightley v. Littleton[1281] a blank form of application for liquor licence was held to be copyright. In Carlisle v. Colusa County[1282] copyright was denied to a blank form of property statement for assessment purposes. This latter decision appears, however, to have been partly on the ground that as the assessors were obliged to issue a form, it would embarrass their duties if forms drawn up by private persons were entitled to copyright.

A circular in pamphlet form used as an advertisement, and explaining a certain method of distribution of coupons to cash purchasers from certain merchants named in the pamphlet, has been held to be the subject of copyright.[1283] The circuit judge, however, in his judgment, says: It requires some stretch of imagination to say that this pamphlet comes within the purpose of Congress, the encouragement of learning, and the increase of useful knowledge, but the official charged with the duty has granted a copyright to this pamphlet, and his decision is accepted.[1284]

Dramatic Works.

Dramatic works[1285] have been protected, although not of a very high literary standard. In Henderson v. Tompkins[1286] protection was given to a topical song which was designed merely to amuse. It was sufficient if it accomplished that purpose.

Law Reports.

Law Reports are protected so far as they consist of original intellectual matter;[1287] the protection may thus extend to the title-page, table of cases, the head notes, the statements of facts, the argument of counsel, the index, the order and arrangement of cases, the numbering and pagination of the volumes, the table of cases cited in the opinions, the subdivision of the index into condensed titles, and the cross references.[1288] The original work of the reporter is alone protected.[1289] In the opinion of the Court there is no copyright;[1290] these constitute part of the law of the land open to all to make use of as they please, and neither the state, the judge, nor the reporter can acquire or confer any conclusive privilege of copying them. The same rule applies to the head notes in those states where they are prepared by the judge.[1291]

Statutes.

On the same grounds of public policy no one can have copyright in the statutes;[1292] the legislature of the state cannot confer it on any one.[1293] There may be copyright in the head notes and arrangement of a digest of the statutes.[1294]
  • 64. Notes and Additions. New Arithmetic. Adaptations. Musical Arrangement. New Editions. Form of Publication. The contents of a book do not require to be entirely new; if partially old there will be copyright quoad the new material or new arrangement.[1295] Thus there is copyright in notes and additions to an old work,[1296] in a new arithmetic combining old material in new form,[1297] in translations,[1298] in the adaptation of an old drama introducing a new title, new dialogue, minor characters, scenery, and dramatic situations with the orchestration and orchestra part songs and music,[1299] and in the dramatization of a novel.[1300] In one case it was held that the adaptation of a musical piece from the notation suitable to one instrument to that suitable to another was not a sufficiently intellectual process to entitle the adapter to copyright in his adaptations.[1301] It was said that a mere mechanic could make the adaptation and accompaniment. Since then, however, it has been held that a musical arrangement is the subject of copyright. In Thomas v. Lennox[1302] an orchestral accompaniment for a non-copyright oratorio by Gounod was held to be the subject of copyright. In Carte v. Evans[1303] an arrangement for the pianoforte of the orchestral score of an opera was held to be copyright. Copyright in new editions runs quoad the new material from the date of the new edition.[1304] The additions or corrections must be of substantial value. A work which is publici juris cannot be reclaimed by colourable and immaterial alterations or additions.[1305] A book need not be a book in the ordinary sense of the word; the word in the Act is not to be construed by reference to lexicographers: the literary property to be protected by the Act is not to be [242]
  • 65. Mechanical Devices. Letter File. Account Book. Originality. determined by the size, form, or shape in which it makes its appearance, but by the subject-matter.[1306] A single sheet containing literary matter will be protected as a book.[1307] No doubt, however, the subject to be protected must be ejusdem generis as a book or leaflet. The subject-matter must convey, and the form must be suitably adapted for conveying, information to the reader. The copyright law embraces those things that are printed and published for information and not for use in themselves. Thus what is really a mechanical instrument, and if original entitled to protection under the patent law, will not be protected by the copyright law. In Amberg File v. Shea[1308] protection was claimed in a letter file. It was said that the spaces between the index letters were adjusted to the average requirements of the correspondent. These average requirements were ascertained by exhaustive research in different directories. Copyright was refused. In Baker v. Selden[1309] blank account books of an original type or pattern were refused protection. The judge in that case drew the distinction between what was a proper subject of the patent laws and what was a proper subject of copyright law—The object of the one is explanation, the object of the other is use.[1310] In Drury v. Ewing[1311] a ladies' chart for cutting dresses and basques for ladies, and coats, jackets, &c., for boys was protected. It is almost certain, however, that this decision would not now be accepted as sound. 
Mere labels will not be protected as copyright works.[1312] They may be protected by registration in the Patent Office.[1313] Copyright may be obtained for works of the imagination, or for a mere collection and arrangement of material open to all mankind.[1314] What is meant by originality as a requisite of copyright is that what is claimed as the subject of copyright, whether it be the composition or arrangement of matter, must not have been taken from some [243]
  • 66. Letters. literary or artistic work already in existence. It need not be the first of its kind; the same thing may have been done before so as to produce identically the same result.[1315] If the second author, artist, or composer goes about his work independently, searching out his material from the original sources, he is equally entitled to copyright with the first. Herein copyright law differs from the law of patents; in the former there may be two concurrent copyrights in what is identically the same creation, in the latter there can only be one patent, the first inventor being entitled. Letters may be the subject of copyright, whether of a business or private nature, and although never intended by the writer to be published as literary productions. In Folsom v. Marsh[1316] the letters of George Washington were the subject of controversy. Story, J., in giving judgment, laid down the law as to the property in letters at some length: There is no small confusion in the books with reference to the question of copyright in letters. Some of the dicta seem to suppose that no copyright can exist except in letters which are professedly literary, while others again recognise a much more enlarged and liberal doctrine upon the whole subject. In the first place I hold that the author of any letter or letters (and his representatives), whether they are literary compositions or familiar letters or letters of business, possess the sole and exclusive copyright therein; and that no persons, neither those to whom they are addressed nor other persons, have any right or authority to publish the same upon their own account or for their own benefit. But consistently with this right the persons to whom they are addressed may have, nay, must by implication possess the right to publish any letter or letters addressed to them upon such occasions as require or justify the publication or public use of them, but this right is strictly limited to such occasions. 
Thus a person may justifiably use and publish in a [244]
  • 67. No Copyright in Titles. suit at law or in equity such letter or letters as are necessary and proper to establish his right to maintain the suit or defend the same. So if he be aspersed or misrepresented by the writer or accused of improper conduct in a public manner, he may publish such parts of such letter or letters, but no more, as may be necessary to vindicate his character and his reputation, or free him from unjust obloquy and reproach. If he attempt to publish such letter or letters on other occasions not justifiable, a Court of Equity will prevent the publication by an injunction as a breach of private confidence or contract or of the rights of the author, and a fortiori if he attempt to publish them for profit, for then it is not a mere breach of confidence or contract, but it is a violation of the exclusive copyright of the writer. In short, the person to whom letters are addressed has but a limited right or special property (if I may so call it) in such letters as a trustee, or bailee for particular purposes, either of information or of protection or of support of his own rights and character. The general property and the general rights incident to property belong to the writer, whether the letters are literary compositions or familiar letters or details of facts or letters of business. The general property in the manuscript remains in the writer and his representatives as well as the general copyright. A fortiori third persons standing in no privity with either party are not entitled to publish them to subserve their own private purposes of interest or curiosity or passion. It is not quite accurate to say that the receiver of a letter is merely a trustee or bailee for particular purposes. Clearly the receiver of a letter is entitled to destroy it unless there is any express or implied stipulation to the contrary, and probably he can prevent the sender from publishing it by refusing to produce it if it is in his possession. 
As a rule there can be no copyright in a title.[1317] The deposit of the title-page with the Librarian of Congress does not give the author any exclusive
  • 68. Photographs. right to the use of that title.[1318] A title can only be protected as a trade mark in connection with a particular literary or artistic production which has become known to the public. The public must be shown to be deceived or to be in danger of being deceived.[1319] A title may be protected by registration as a trade mark.[1320] Photographs were first protected by the Statute of March 3, 1865; before then protection was refused to them under the head of prints, cuts, or engravings.[1321] It seems to have been doubted at one time whether the protection of photographs was not ultra vires of the powers conferred by the Constitution. There is certainly an apparent difficulty in bringing a photograph within the expression writings used in the Constitution; but this word has received an extremely wide and liberal construction, and has been held to be capable of including any literary or artistic production of the intellect. Photographs have been now frequently protected, but it is not every photograph that will be protected; there must be some evidence that the photographer has exercised an intellectual choice of subject-matter, expression, arrangement, light, or other circumstances or conditions which go to the production of an artistic photograph.[1322] It will be a question of fact for the Court or jury whether the photograph is a mere manual reproduction of subject-matter or an original work of art.[1323] In a portrait there may be copyright in so far as the photographer has relied on his own judgment for the choice of light, background, pose, or attitude.[1324] In one case the photograph of a yacht under sail was protected. 
It required the photographer to select and utilise the best effects of light, cloud, water, and general surroundings, and combine them under favourable conditions for depicting vividly and accurately the view of a yacht under sail.[1325] A slight colourable alteration in a non-copyright photograph will not entitle it to copyright.[1326] [245]
  • 69. Engravings. Pictures. Engravings, cuts, and prints will be protected,[1327] but there must be at least some merit in them as artistic or instructive productions. Thus the prints of common articles of household use in a tradesmen's catalogue,[1328] drawings of billiard tables in a similar catalogue,[1329] a card of specimen colours and tints of zinc paints,[1330] and a poster with coloured drawings of a circus performance[1331] have all been refused protection. If there is real artistic merit in a drawing it will not be disentitled to protection merely on the ground that it has been used as an advertisement.[1332] It has been held that playing cards printed in colours are entitled to protection as prints.[1333] The Act of June 18, 1874, enacts that the protection of the Copyright Acts conferred on engravings, cuts, and prints shall not extend to prints or labels designed to be used for any articles of manufacture. This Act cannot be evaded by attempting to copyright the picture or drawing from which the label is designed. In Schumacher v. Wogram[1334] the Court refused protection under the Copyright Acts to a picture representing a young woman holding a bouquet of flowers intended to be reproduced on labels for cigar boxes. The reason for refusing protection of the copyright law to such productions is that their only real value is as a trade mark connected with a particular article of manufacture.[1335] They are not designed in themselves to instruct or amuse. As trade marks they will be protected if registered in the Patent Office. The fact that a picture could be readily lithographed and used as a label does not deprive it of copyright;[1336] it must in order to lose its copyright have been made with the intention of being used as a label. If the painting itself were to be considered a label because copies might be so used, no masterpiece would be entitled to copyright. A painting, engraving, or print in order to be [246] [247]
  • 70. protected must be a pictorial representation of something and not merely a design.[1337] Section II.—Nationality of the Author. Unfortunately the Acts of Congress are not clear as to how far the works of foreign authors, or the works of non-residents in the United States are protected. Until 1891 the works of foreign authors not resident in the United States were denied protection. Sec. 4971 of the Revised Statutes ran as follows: Sec. 4971. Nothing in this chapter shall be construed to prohibit the printing, publishing, importation, or sale of any book, map, chart, dramatic or musical composition, print, cut, engraving, or photograph, written, composed, or made by any person not a citizen of the United States nor resident therein. [1338] By the Act of 1891, the benefits of copyright are extended to the citizens of foreign countries which are proclaimed by the President as conferring reciprocal rights on American citizens. Sec. 4971 of the Revised Statutes is repealed. The Act of March 3, 1891, section 13, enacts— That this Act shall only apply to a citizen or subject of a foreign state or nation when such foreign state or nation permits to citizens of the United States of America the benefit of copyright on substantially the same basis as its own citizens, or when such foreign state or nation is a party to an international agreement which provides for reciprocity in the granting of copyright by the terms of which agreement the United States of America may at its pleasure become a party to such agreement.
  • 71. The existence of either of the conditions aforesaid shall be determined by the President of the United States by proclamation made from time to time as the purposes of this Act may require. The Act of March 3, 1891, section 5, amending the Revised Statutes, sec. 4959, enacts that— ... the alterations, revisions, and additions made to books by foreign authors heretofore published, of which new editions shall appear subsequently to the taking effect of this Act, shall be held and deemed capable of being copyrighted as above provided for in this Act, unless they form a part of the series in course of publication at the time this Act shall take effect. (July 1, 1891.) On these sections two questions seem to be left open: (1) Is the test to be applied the nationality of (a) the author, or of (b) the proprietor of the manuscript, or other unpublished work, at the time of publication; or will it satisfy the Act if (c) either of these persons complies with the requisite conditions of nationality? (2) Will residence in the United States or in one of the proclaimed countries confer the privileges on one who is not a citizen or subject of any of them? 1. It may be that it would be a sufficient compliance with the requirements of the Act if either the author or his assignee before publication were a citizen of the United States, or a subject or citizen of a proclaimed country. Section 1 amending the Revised Statutes, sec. 4952, gives the sole liberty to the author, inventor, designer, or proprietor, and to the executors, administrators, or assigns of any such person. Section 13 applies the Act to citizens or subjects of certain foreign states or nations. Under the Revised Statutes, section [248]
  • 72. 4971, before 1891 it was the nationality of the author alone that was considered, and it would have been no answer to have said that the assignee before publication was an American citizen or resident in the United States. Perhaps in 1891 the benefit was designedly extended to assignees before publication, who complied with the conditions and who had taken assignments from foreign authors who did not. On the whole, however, I am inclined to the opinion that it will not do merely to allege that the assignee of the uncopyrighted and unpublished work is a citizen of the United States or a subject or citizen of one of the proclaimed countries. It must, I think, be alleged that the author, inventor, designer, or proprietor ab initio has complied with the conditions as to nationality. By proprietor ab initio (and probably this is the true meaning of proprietor in section 1 of the Act of March 3, 1891[1339]), I mean one who compiles a work by his servants or agents, for instance, a body corporate, which cannot be said to be an author, inventor, or designer, and yet is entitled to the whole property in the work of its servants as it grows up from day to day. I have not considered the assignee after publication. I think it must be abundantly clear that his nationality cannot be taken as the test, since if he took his assignment from a foreign author who did not comply with the conditions of nationality when the work was published, the work at the time of assignment would have become publici juris. If he took his assignment from one who complied with the conditions of nationality and copyrighted the work, the fact of his being an alien would not prevent him acquiring the copyright already secured. 2. Before 1891 residence in the United States, which was interpreted to mean permanent residence and not merely for the purposes of publication,[1340] was sufficient to entitle an author to the privileges of the Copyright Acts. 
The provision now, under the Act of March 3, 1891, is that the Act shall only apply to a citizen of a foreign country which has been proclaimed. Reading the Act strictly a foreign resident in the United States but not a citizen thereof is excluded from protection which he formerly had, unless he is a citizen or [249]
  • 73. subject of a proclaimed country. No doubt this was not intended to be the result of the Act of 1891, but the words are plain and unambiguous, and there seems no reason why they should not have effect according to their plain meaning. A fortiori a foreigner resident in, but not a subject of, one of the proclaimed countries would not be entitled to copyright. The following States have been proclaimed as fulfilling one or other of the required conditions, and their citizens are therefore entitled to acquire copyright in the United States in the same way as an American citizen:
    Belgium, France, Great Britain, Switzerland: July 1, 1891.
    Germany: April 15, 1892.
    Italy: October 31, 1892.
    Denmark: May 8, 1893.
    Portugal: July 20, 1893.
    Spain: July 10, 1895.
    Mexico: Feb. 27, 1896.
    Chili: May 25, 1896.
    Section III.—Necessary Formalities. No person is entitled to copyright unless he—[1341] I. In the case of a book, map, chart, dramatic or musical composition, engraving, cut, print, photograph, or chromo— [250]
  • 74. (i.) Delivers (or mails within the United States) to the Librarian of Congress, on or before the day of publication, in the United States or elsewhere a printed copy of the title of the work. (ii.) Delivers (or mails within the United States) to the Librarian of Congress, not later than the day of publication in the United States or elsewhere two copies of the work. II. In the case of a painting, drawing, statue, statuary, or a model or design for a work of the fine arts—[1342] (i.) Delivers (or mails within the United States) to the Librarian of Congress, on or before the day of publication, in the United States or elsewhere a description of the work. (ii.) Delivers (or mails within the United States) to the Librarian of Congress, not later than the day of publication, in the United States or elsewhere a photograph of the work. The proprietor of every copyright book or other article must deliver (or mail within the United States) to the Librarian of Congress a copy of every subsequent edition wherein any substantial changes shall be made.[1343] Each volume of a book in two or more volumes, when such volumes are published separately, and the first one has not been issued before July 1, 1891, and each number of a periodical is to be considered an independent publication.[1344] The requirements of the statute as to delivery of title and copies, and printing of notice must therefore be complied with in the case of each volume of a book or number of a periodical. Conditions Precedent.—The deposit of title and delivery of copies as prescribed by the statutes are conditions precedent to copyright [251]
  • 75. and not merely declaratory.[1345] There is no common law right after publication, and therefore if a work is published without the proper formalities having been observed it becomes publici juris, and any one may make what use of it he pleases.[1346] Ignorance of the law is no excuse even although a new Act has just been passed altering the time within which copies must be delivered.[1347] In an action for infringement the declaration must set out in detail a compliance with the law as to formalities,[1348] and the burden of proof thereof is on the complainant.[1349] He must prove the deposit of title, delivery of copies, notice of copyright, and the date of publication. The latter is essential, as on it depends the validity of the entry. [1350] Delivery of the Title.—The copy of the title to be delivered must be printed, i. e. the characters used must be those ordinarily used in printing, but they may be made by hand with a pen.[1351] The work must be published within a reasonable time after the deposit of the title-page, otherwise the formalities will not have been complied with.[1352] Two months' delay in mailing to the Librarian of Congress copies of a photograph after the filing of its title is not unreasonable. [1353] It will not do to publish a book under a substantially different title from that deposited. Immaterial variations in the title, or sub-title, or complete alteration of a description on the title-page will not make the deposit void. In Donnelley v. Ivers[1354] the title deposited was Over One Thousand Recipes. The Lake Side Cook Book: A Complete Manual of Practical, Economical, Palatable, and Healthful Cookery. Chicago: Donnelley, Lloyd Company, 1878. The title on the book as published was The Lake Side Cook Book, No. 1. A Complete Manual of Practical, Economical, Palatable, and Healthful Cookery. By N. A. D. 
It was held that the requirement as to the deposit of title having been substantially, in good faith complied with, the objection was not tenable. What is required is, that the deposited [252]
  • 76. title be sufficient to identify the book with substantial certainty. In Carte v. Evans,[1355] the title filed was Pianoforte Arrangement of the Comic Opera, The Mikado, or the Town of Titipu, by W. S. Gilbert and Sir Arthur Sullivan. By George L. Tracey. The book as published bore the title Vocal Score of the Mikado, or The Town of Titipu. Arrangement for Pianoforte by George Lowell Tracey (of Boston, U. S. A.) of the above-named opera by W. S. Gilbert and Arthur Sullivan. This was held a sufficient deposit to protect the pianoforte accompaniment. In Black v. Allen[1356] the title deposited was An Outline of the Political and Economic History of the United States, with Maps and Charts: I. History and Constitution by Alexander Johnson, M. A.; II. Population and Industry by Francis A. Walker, LL. D. The title of the book as deposited was United States: Part III. Political Geography and Statistics, copyright, 1888, by Francis A. Walker. In the absence of evidence that the defendant was deceived or misled by the change of the title the Court held that it was valid. In Daly v. Brady[1357] the title of a drama deposited was Under the Gaslight: A Drama of Life and Love in these Times. The actual title as published was Under the Gaslight: A Romantic Panorama of the Streets and Homes of New York. The Court held that the change of title might deceive the public, and therefore the deposit of title was bad; but this decision was reversed in Daly v. Webster;[1358] the variance was in the description. The title required may include a sub-title, but it does not include a description of the book upon the title-page. An author may wish to change his title entirely after he has deposited the title-page. 
He may do this before the deposit of copies by depositing a fresh title-page; but it is questionable whether the duration of his copyright will run from the first deposit of title or from the deposit of the altered title.[1359] Delivery of Description.—Probably a short description is all that is required. If the title is in itself descriptive, probably that will be sufficient. The photograph of a painting, or other work of art which [253]
  • 77. is required to be delivered, does not take the place of a description. [1360] Delivery of Copies.—Under the Revised Statutes before 1891 the printed copies had to be delivered within ten days from the publication thereof. This was sufficiently complied with by the delivery of two copies on the day before publication.[1361] The Act of 1891 now requires that the two printed copies shall be delivered not later than the day of publication. The copies deposited with the Librarian of Congress do not require to bear the statutory notice as to copyright.[1362] The memorandum given by the librarian is sufficient primâ facie evidence of the fact and date of deposit.[1363] The librarian's date stamp on the book is not conclusive, and may be rebutted by other evidence of the actual date of deposit.[1364] If the copyright matter is ordinarily bound up with other matter, the Librarian of Congress cannot insist on the delivery of the bound volume complete. It is a sufficient delivery to take the volume to pieces and deliver the loose sheets on which the copyright matter is printed.[1365] Before 1891 the two copies deposited had to be of the best edition, but this appears to be no longer necessary. Printing in the United States.—In the case of [254]
  • 78. i. books, ii. chromos, iii. lithographs, iv. photographs, the two copies required to be delivered must be printed from type set within the limits of the United States or from plates made therefrom, or from negatives or drawings on stone made within the limits of the United States, or from transfers made therefrom.[1366] This requirement was introduced in 1891, when the privileges of copyright were extended to subjects and citizens of foreign countries. Formerly there was no obligation to print within the United States. It has been held that a volume of music is not a book within the meaning of the provision in the statute enacting that the two copies delivered shall be printed in the United States.[1367] It would seem to follow that the necessity of printing in the United States does not extend either to maps or charts, or even to dramatic compositions in book form. These are all dealt with specifically in the Act, and therefore, on the authority of Littleton v. Oliver,[1368] do not come within the generic term books. Retrospective Provision.—By an Act of March 3, 1893, it is enacted— That any author, inventor, designer, or proprietor of any book or other article entitled to copyright, who has heretofore failed to deliver in the office of the Librarian of Congress two complete copies of such book, or description or photograph of such article within the time limited by title sixty, chapter three of the Revised Statutes relating to copyrights and the Acts in amendment thereof, and has complied with all other provisions
  • 79. thereof, who has before the 1st day of March 1893 delivered at the office of Librarian of Congress or deposited in the mail addressed to the Librarian of Congress two complete printed copies of such book, or description or photograph of such article, shall be entitled to all the rights and privileges of such title sixty, chapter three of the Revised Statutes and the Acts in amendment thereof. Notice of Copyright.—No person can maintain an action for infringement of his copyright unless each published copy of his work bears one or other of the following notices:[1369] Entered according to Act of Congress in the year ——, by A. B., in the office of the Librarian of Congress at Washington. Or: Copyright, 18—, by A. B. Books must bear the notice: On the title-page or page immediately following.[1370] Designs for moulded decorative articles, tiles, plaques, or articles of pottery: Upon the back or bottom of such articles or on such other place upon them as it has heretofore been usual ... for the placing of manufacturers, merchants, and trade marks thereon. [1371] Other works, including musical compositions, photographs, pictures, engravings: Upon some visible portion thereof, or of the substance upon which the same shall be mounted.[1372] [255]
  • 80. Slight variation. The statutory requirements as to notice must be strictly complied with, and a departure from the exact words of one or other of the alternative forms may be fatal to the right of action. When the only notice on a book was Entered according to Act of Congress, in the year 1878, by H. A. Jackson, it was held an insufficient notice as complying with neither of the two alternative forms.[1373] A very slight variance in the words or the orders of the slight words, if the matter is substantially the same, will not, however, make a bad notice. Thus 1889, Copyrighted by B. J. Falk, N. Y., has been held a good notice.[1374] So also has Copyright entered according to Act of Congress, 1889, by T. C. Hefel, civil engineer. It was held to comply with the short alternative notice, viz.: Copyright, 18—, by A. B., the superfluous words being disregarded on the doctrine of utile per inutile non vitiatur.[1375] The name of the proprietor who takes out the copyright is an essential part of the notice. In Osgood v. Aloe[1376] the following notice was printed on the page following the title-page, Copyright, 1891; all rights reserved. This was held a bad notice, and the name of the publishers, who were also the proprietors, printed on the title-page was insufficient. There was nothing to show that they were proprietors as well as publishers. Copyright may be taken out in the name of a firm or a conventional trade name, and if that name is on the notice it is sufficient.[1377] But it must be the full and proper name under which the proprietors are trading. Thus when The Illustrated American Publishing Company issued a paper entitled The Illustrated American, the following was held an insufficient notice on a crayon drawing published by the Company, viz.: Copyrighted 1891, by The Illustrated American.[1378] It seems, however, that it is not necessary for an individual to give his full name if what is given is sufficient for the purposes of identity. 
Thus the surname and the first letter of the Christian name,[1379] and in one case the [256]
  • 81. surname alone have been held sufficient.[1380] The latter case was that of a photographer in Brooklyn. It was shown that there was only one photographer of that name in Brooklyn, and the notice ran Copyright, '93, by Bolles, Brooklyn.[1381] If the full name is given there is no necessity to give the address of the proprietor, even although he be a foreigner resident abroad.[1382] It will not do to put the name of an agent on the notice. In Mifflin v. Dutton[1383] the authoress of The Minister's Wooing took out a copyright in the whole book in her own name. Subsequently several chapters of the story were published serially in the Atlantic Monthly. The only notice of copyright in that magazine was in the name of the publishers, Ticknor and Fields. It was held that these chapters had not a sufficient notice. Great care must be taken in the case of serial publications. If a story is published in a magazine each part must be treated as a separate book, and must contain a notice of copyright by the author if he is the owner. When the book is published as a whole these notices must be repeated; it will not do merely to copyright the whole book afresh and print a new notice. Date of Entry.—The date required is the year only; neither the day nor the month is necessary. The statement of a wrong year has been held fatal to the notice. In Baker v. Taylor[1384] the true date of taking out copyright was 1846. The notice stated 1847 as the year, and this was held as bad notice, even although the error arose from mistake. But in Callaghan v. Myers[1385] the notice put an earlier instead of a later date than the actual date of deposit; the true date being 1867, the notice declared copyright to have been entered in 1866. This was held an immaterial error, since it deceived no one, and would only operate to shorten the claimant's copyright by one year. In Schumacher v. 
Wogram[1386] Wallace, J., doubted whether the declaration in the notice of a date earlier than the true date would not make the notice void. It is immaterial that the date on the [257]
  • 82. notice is abbreviated if it is sufficiently clear what date is meant; thus, Copyright, '94, by A. B., is a good notice.[1387] It is extremely difficult to determine what date the law requires to be placed upon the second or subsequent edition of a book wherein substantial alterations or additions have been made. In the case of a reprint, I think it is clear that the date of the first edition, and that only, is the correct date; and even where alterations or additions have been made I think that that date is necessary, and I doubt whether it is necessary to add another notice giving the date of the revised edition. It would seem that a subsequent edition does not require to be entered in the same manner as the original edition; the statute is complied with by the deposit of a copy of every subsequent edition wherein any substantial changes shall be made. If this is done copyright in the alterations seems to have been procured. In Lawrence v. Dana[1388] Clifford, J., held that it was not necessary in a subsequent edition to give the date of the entry of the first edition[1389]; but I doubt if this is sound. On the whole, I think the correct view is that the matter peculiar to the first edition, whether it be printed in the first or any subsequent edition, must bear a notice with the date when that matter was first entered, and that the matter peculiar to any subsequent edition will be protected until the expiry of the copyright in the first edition, if it bears a notice with the date of the first edition only, and if a copy has been sent to the Librarian of Congress. I further think that the matter peculiar to subsequent editions may be protected for the full term of twenty-eight or thirty-two years from the date of the first publication of the edition in which it is first contained, if such edition is separately entered, by two copies of the title-page and of the book being deposited, and if it bears a notice with the date of such separate entry. 
I think, therefore, in every new edition in which there is a substantial alteration or addition there should as a matter of practice be a separate entry of copyright and separate notices on the title-page, one for each edition of the book. [258]