Showing total 220 results

1. Security provisions in smart edge computing devices using blockchain and machine learning algorithms: a novel approach.

Author

Mishra, Kamta Nath, Bhattacharjee, Vandana, Saket, Shashwat, and Mishra, Shivam Prakash

Subjects

MACHINE learning, MULTI-factor authentication, FEDERATED learning, BLOCKCHAINS, EDGE computing, DATA security, DATA security failures, PUBLIC key cryptography

Abstract

It is difficult to manage massive amounts of data in an overlying environment with a single server. Therefore, it is necessary to comprehend the security provisions for erratic data in a dynamic environment. The authors are concerned about the security risk of vulnerable data in a Mobile Edge based distributive environment. As a result, edge computing appears to be an excellent perspective in which training can be done in an Edge-based environment. The combination of Edge computing and consensus approach of Blockchain in conjunction with machine learning techniques can further improve data security, mitigate the possibility of exposed data, and it reduces the risk of a data breach. As a result, the concept of federated learning provides a path for training the shared data. A dataset was collected that contained several vulnerable, exposed, recovered, and secured data and data security was precepted under the surveillance of two-factor authentication. This paper discusses the evolution of data and security flaws and their corresponding solutions in smart edge computing devices. The proposed model incorporates data security using consensus approach of Blockchain and machine learning techniques that include several classifiers and optimization techniques. Further, the authors applied the proposed algorithms in an edge computing environment by distributing several batches of data to different clients. As a result, the client privacy was maintained by using Blockchain servers. Furthermore, the authors segregated the client data into batches that were trained using the federated learning technique. The results obtained in this paper demonstrate the implementation of a Blockchain-based training model in an edge-based computing environment. [ABSTRACT FROM AUTHOR]

Published

2024

2. A distributed intelligence framework for enhancing resilience and data privacy in dynamic cyber-physical systems.

Author

Azeri, Nabila, Hioual, Ouided, and Hioual, Ouassila

Subjects

DATA privacy, CYBER physical systems, ELECTRONIC data processing, DATA security failures, INFRASTRUCTURE (Economics)

Abstract

Cyber-Physical Systems (CPS) are integral components of modern, interconnected environments, playing a crucial role in various applications such as smart infrastructure and autonomous systems. These systems operate in complex and ever-evolving settings, where resilience is an essential characteristic. Recently, several Machine Learning (ML) techniques have been proposed to design and implement resilience in CPS. However, this approach has often prioritized performance gains and adaptability enhancements, leading to a disregard for the potential dangers linked to centralized data processing, including data breaches and privacy infringements. To harness the full potential of ML in CPS, this paper introduces a distributed intelligence framework that equally prioritizes security, data privacy, and adaptability. The proposed framework is implemented through the integration of Federated Machine Learning techniques, where the CPS architecture is decentralized, allowing data processing to occur locally on individual nodes or devices. This decentralized approach facilitates the aggregation of insights from multiple sources without the need for centralized data processing, thereby minimizing the risks associated with data breaches and privacy violations. We further validate the viability of the proposed framework through its successful implementation in a real-world industrial CPS application, specifically focused on fault prediction within industrial CPS environments. In addition to its privacy and security benefits, our approach also achieved promising results in terms of accuracy and precision. [ABSTRACT FROM AUTHOR]

Published

2024

3. MAIDS: malicious agent identification-based data security model for cloud environments.

Author

Gupta, Kishu, Saxena, Deepika, Gupta, Rishabh, and Singh, Ashutosh Kumar

Subjects

DATA security failures, DATA transmission systems, DATA security, MACHINE learning, DATA protection

Abstract

With the vigorous development of cloud computing, most organizations have shifted their data and applications to the cloud environment for storage, computation, and sharing purposes. During storage and data sharing across the participating entities, a malicious agent may gain access to outsourced data from the cloud environment. A malicious agent is an entity that deliberately breaches the data. This information accessed might be misused or revealed to unauthorized parties. Therefore, data protection and prediction of malicious agents have become a demanding task that needs to be addressed appropriately. To deal with this crucial and challenging issue, this paper presents a Malicious Agent Identification-based Data Security (MAIDS) Model which utilizes XGBoost machine learning classification algorithm for securing data allocation and communication among different participating entities in the cloud system. The proposed model explores and computes intended multiple security parameters associated with online data communication or transactions. Correspondingly, a security-focused knowledge database is produced for developing the XGBoost Classifier-based Malicious Agent Prediction (XC-MAP) unit. Unlike the existing approaches, which only identify malicious agents after data leaks, MAIDS proactively identifies malicious agents by examining their eligibility for respective data access. In this way, the model provides a comprehensive solution to safeguard crucial data from both intentional and non-intentional breaches, by granting data to authorized agents only by evaluating the agent's behavior and predicting the malicious agent before granting data. The performance of the proposed model is thoroughly evaluated by accomplishing extensive experiments, and the results signify that the MAIDS model predicts the malicious agents with high accuracy, precision, recall, and F1-scores up to 95.55%, 95.30%, 95.50%, and 95.20%, respectively. This enormously enhances the system's security in terms of authorized data access accuracy up to 55.49%, precision up to 43.15%, recall up to 55.49%, and F1-score up to 39.96%, respectively, as compared to state-of-the-art work. [ABSTRACT FROM AUTHOR]

Published

2024

4. A large-scale data security detection method based on continuous time graph embedding framework.

Author

Liu, Zhaowei, Che, Weishuai, Wang, Shenqiang, Xu, Jindong, and Yin, Haoyu

Subjects

DATA security, MACHINE learning, DATA privacy, REPRESENTATIONS of graphs, DATA security failures, CRYPTOGRAPHY, PUBLIC key cryptography

Abstract

Graph representation learning has made significant strides in various fields, including sociology and biology, in recent years. However, the majority of research has focused on static graphs, neglecting the temporality and continuity of edges in dynamic graphs. Furthermore, dynamic data are vulnerable to various security threats, such as data privacy breaches and confidentiality attacks. To tackle this issue, the present paper proposes a data security detection method based on a continuous-time graph embedding framework (CTDGE). The framework models temporal dependencies and embeds data using a graph representation learning method. A machine learning algorithm is then employed to classify and predict the embedded data to detect if it is secure or not. Experimental results show that this method performs well in data security detection, surpassing several dynamic graph embedding methods by 5% in terms of AUC metrics. Furthermore, the proposed framework outperforms other dynamic baseline methods in the node classification task of large-scale graphs containing 4321477 temporal information edges, resulting in a 10% improvement in the F1 score metric. The framework is also robust and scalable for application in various data security domains. This work is important for promoting the use of continuous-time graph embedding framework in the field of data security. [ABSTRACT FROM AUTHOR]

Published

2023

5. Privacy requirements elicitation: a systematic literature review and perception analysis of IT practitioners.

Author

Canedo, Edna Dias, Bandeira, Ian Nery, Calazans, Angelica Toffano Seidel, Costa, Pedro Henrique Teixeira, Cançado, Emille Catarine Rodrigues, and Bonifácio, Rodrigo

Subjects

SOFTWARE development tools, INFORMATION technology, PRIVACY, COMPUTER software development, DATA security failures, DATA privacy

Abstract

During the software development process and throughout the software lifecycle, organizations must guarantee users' privacy by protecting personal data. There are several studies in the literature proposing methodologies, techniques, and tools for privacy requirements elicitation. These studies report that practitioners must use systematic approaches to specify these requirements during initial software development activities to avoid users' data privacy breaches. The main goal of this study is to identify which methodologies, techniques, and tools are used in privacy requirements elicitation in the literature. We have also investigated Information Technology (IT) practitioners' perceptions regarding the methodologies, techniques, and tools identified in the literature. We have carried out a systematic literature review (SLR) to identify the methodologies, techniques, and tools used for privacy requirements elicitation. Besides, we have surveyed IT practitioners to understand their perception of using these techniques and tools in the software development process. We have found several methodologies, techniques, and tools proposed in the literature to carry out privacy requirements elicitation. Out of 78 studies cataloged within the SLR, most of them did not verify their methodologies and techniques in a practical case study or illustrative contexts (38 studies), and less than 35% of them (26 studies) experimented with their propositions within an industry context. The Privacy Safeguard method (PriS) is the best known among the 198 practitioners in the industry who participated in the survey. Moreover, use cases and user story are their most-used techniques. This qualitative and quantitative study shows a perception of IT practitioners different from those presented in other research papers and suggests that methodologies, techniques, and tools play an important role in IT practitioners' perceptions about privacy requirements elicitation. [ABSTRACT FROM AUTHOR]

Published

2023

6. Relating Social Media Diffusion, Education Level and Cybersecurity Protection Mechanisms to E-Participation Initiatives: Insights from a Cross-Country Analysis.

Author

Ahangama, Supunmali

Subjects

PROTECTION motivation theory, INTERNET security, SOCIAL media in business, SOCIAL media, VIRTUAL networks, DATA security failures

Abstract

Virtual Social Networks (VSN) act as a catalyst for the success of the active participation of citizens in information sharing, collaboration, and decision making. VSN based e-participation tools allow many-to-many communication and collaboration near real-time with users who might be in geographically dispersed locations. It provides a platform to voice opinions and perspectives and share them with others in new and innovative ways. Cybersecurity is a key area that needs to be considered for the success and continuous use of e-participation systems as it protects user privacy and helps to avoid scams, harassment, and misinformation. The intervening effect of cybersecurity protection mechanisms and citizens' education level on the relationship between VSN diffusion and e-participation initiatives is explored in the proposed research model presented in this paper. Moreover, this research model is explored for different stages of e-participation (e-information, e-consultation, and e-decision making) and the five dimensions of cybersecurity (legal, technical, organizational, capacity building, and cooperation). The findings indicate that improved VSN usage has increased e-participation (especially in e-consultation and e-decision making) as a result of improved cybersecurity protection and public education, highlighting the varying importance of different cybersecurity protection measures for three stages of e-participation. Thus, considering the recent problems like platform manipulation, misinformation and data breaches associated with the use of VSN for e-participation, this study emphasizes the importance of regulations, policies, partnerships, technical frameworks, and research to ensure cybersecurity, as well as the importance of education to enable the public to interact productively in e-participation activities. This study is performed using publicly available data from 115 countries and the research model is developed, drawing theoretical basis from the Protection Motivation Theory, Structuration Theory, and Endogenous Growth Theory. This paper recognizes the theoretical and practical implications, and limitations while recommending future research directions. [ABSTRACT FROM AUTHOR]

Published

2023

7. Machine learning-based intrusion detection: feature selection versus feature extraction.

Author

Ngo, Vu-Duc, Vuong, Tuan-Cuong, Van Luong, Thien, and Tran, Hung

Subjects

INTRUSION detection systems (Computer security), FEATURE selection, MACHINE learning, FEATURE extraction, DATA security failures, SMART cities

Abstract

Internet of Things (IoTs) has been playing an important role in many sectors, such as smart cities, smart agriculture, smart healthcare, and smart manufacturing. However, IoT devices are highly vulnerable to cyber-attacks, which may result in security breaches and data leakages. To effectively prevent these attacks, a variety of machine learning-based network intrusion detection methods for IoT networks have been developed, which often rely on either feature extraction or feature selection techniques for reducing the dimension of input data before being fed into machine learning models. This aims to make the detection complexity low enough for real-time operations, which is particularly vital in any intrusion detection systems. This paper provides a comprehensive comparison between these two feature reduction methods of intrusion detection in terms of various performance metrics, namely, precision rate, recall rate, detection accuracy, as well as runtime complexity, in the presence of the modern UNSW-NB15 dataset as well as both binary and multiclass classification. For example, in general, the feature selection method not only provides better detection performance but also lower training and inference time compared to its feature extraction counterpart, especially when the number of reduced features K increases. However, the feature extraction method is much more reliable than its selection counterpart, particularly when K is very small, such as K = 4 . Additionally, feature extraction is less sensitive to changing the number of reduced features K than feature selection, and this holds true for both binary and multiclass classifications. Based on this comparison, we provide a useful guideline for selecting a suitable intrusion detection type for each specific scenario, as detailed in Table 14 at the end of Sect. 4. Note that such the comparison between feature selection and feature extraction over UNSW-NB15 as well as theoretical guideline have been overlooked in the literature. [ABSTRACT FROM AUTHOR]

Published

2024

8. An efficient polynomial-based verifiable computation scheme on multi-source outsourced data.

Author

Zhang, Yiran, Geng, Huizheng, Su, Li, He, Shen, and Lu, Li

Subjects

INFORMATION technology security, CLOUD computing, DATA security failures, LINEAR algebra, TRUST, NUMERICAL analysis

Abstract

With the development of cloud computing, users are more inclined to outsource complex computing tasks to cloud servers with strong computing capacity, and the cloud returns the final calculation results. However, the cloud is not completely trustworthy, which may leak the data of user and even return incorrect calculations on purpose. Therefore, it is important to verify the results of computing tasks without revealing the privacy of the users. Among all the computing tasks, the polynomial calculation is widely used in information security, linear algebra, signal processing and other fields. Most existing polynomial-based verifiable computation schemes require that the input of the polynomial function must come from a single data source, which means that the data must be signed by a single user. However, the input of the polynomial may come from multiple users in the practical application. In order to solve this problem, the researchers have proposed some schemes for multi-source outsourced data, but these schemes have the common problem of low efficiency. To improve the efficiency, this paper proposes an efficient polynomial-based verifiable computation scheme on multi-source outsourced data. We optimize the polynomials using Horner's method to increase the speed of verification, in which the addition gate and the multiplication gate can be interleaved to represent the polynomial function. In order to adapt to this structure, we design the corresponding homomorphic verification tag, so that the input of the polynomial can come from multiple data sources. We prove the correctness and rationality of the scheme, and carry out numerical analysis and evaluation research to verify the efficiency of the scheme. The experimental indicate that data contributors can sign 1000 new data in merely 2 s, while the verification of a delegated polynomial function with a power of 100 requires only 18 ms. These results confirm that the proposed scheme is better than the existing scheme. [ABSTRACT FROM AUTHOR]

Published

2024

9. Survey of Techniques on Data Leakage Protection and Methods to address the Insider threat.

Author

Herrera Montano, Isabel, García Aranda, José Javier, Ramos Diaz, Juan, Molina Cardín, Sergio, de la Torre Díez, Isabel, and Rodrigues, Joel J. P. C.

Subjects

DATA protection, DIGITAL rights management, DATA security failures, SCIENCE databases, SCIENTIFIC literature, CRYPTOCURRENCIES, BLOCKCHAINS

Abstract

Data leakage is a problem that companies and organizations face every day around the world. Mainly the data leak caused by the internal threat posed by authorized personnel to manipulate confidential information. The main objective of this work is to survey the literature to detect the existing techniques to protect against data leakage and to identify the methods used to address the insider threat. For this, a literature review of scientific databases was carried out in the period from 2011 to 2022, which resulted in 42 relevant papers. It was obtained that from 2017 to date, 60% of the studies found are concentrated and that 90% come from conferences and publications in journals. Significant advances were detected in protection systems against data leakage with the incorporation of new techniques and technologies, such as machine learning, blockchain, and digital rights management policies. In 40% of the relevant studies, significant interest was shown in avoiding internal threats. The most used techniques in the analyzed DLP tools were encryption and machine learning. [ABSTRACT FROM AUTHOR]

Published

2022

10. IoT-based intrusion detection system for healthcare using RNNBiLSTM deep learning strategy with custom features.

Author

Jeyanthi, D. V. and Indrani, B.

Subjects

DEEP learning, FEATURE extraction, RECURRENT neural networks, MEDICAL equipment, DATA security failures

Abstract

The need for security in healthcare environments has become increasingly important due to the rise of cyber-attacks and data breaches. In order to address this issue, this paper proposes an Internet of Things (IoT)-based intrusion detection system for healthcare using a deep learning strategy with custom features. This paper proposes an IoT-based intrusion detection system for healthcare using a deep learning strategy with custom features. The proposed system utilizes the IoT technology to gather real-time data from various medical devices and sensors deployed in a healthcare environment. The system incorporates a recurrent neural network (RNN) and a bidirectional long short-term memory (BiLSTM) algorithm to detect and classify intrusion attempts. The custom features are extracted from the incoming data streams and used to train the deep learning models. The proposed system is evaluated on a dataset comprising different types of intrusion scenarios, and it achieves an accuracy of 99.16%, error rate of 0.008371%, sensitivity ratio of 99.89% and specificity ratio of 98.203% for IoTID20 with custom features using RNNBiLSTM. The results demonstrate the effectiveness of the proposed system in detecting and mitigating security threats in a healthcare environment. The system has the potential to improve patient privacy and security, ultimately leading to better healthcare outcomes. [ABSTRACT FROM AUTHOR]

Published

2023

11. Attribute-based access control scheme for secure storage and sharing of EHRs using blockchain and IPFS.

Author

Kaur, Jasleen, Rani, Rinkle, and Kalra, Nidhi

Subjects

ACCESS control, ELECTRONIC health records, BLOCKCHAINS, MEDICAL records, DATA warehousing, AUDIT trails, DATA security failures

Abstract

Medical records are one of the crucial documents and a significant asset for anyone seeking treatment. Electronic health records (EHRs) have made a dynamic shift by making them easier to manage, facilitate and share among various stakeholders such as doctors, lab technicians, and insurance agents. EHRs are vulnerable to hacker, cybercriminal attacks, and data breaches. Once compromised, health records cannot be retrieved. As a result, patients must have control over who gets their EHRs, when they get them, and where they get them. To address the aforementioned issue, this paper proposes a blockchain-based secure record-keeping and trustworthy sharing system. In order to do this, a distributed off-chain storage architecture for large-scale medical data storage is developed, which overcomes the drawbacks of on-chain data storage and enhances scalability. The distributed storage, i.e., InterPlanetary File System, is a content-addressable storage that ensures the integrity of the content such that a slight modification in the stored EHR records results in a change in the obtained hash value. Furthermore, a Ciphertext Policy Attribute-Based Encryption (CP-ABE) algorithm integrated with blockchain technology is designed for fine-grained access control, allowing only authorized users to access specific EHR data based on their attributes. The combination of CP-ABE with blockchain technology provides a tamper-proof and verifiable audit trail of all data access and updations made to EHRs. This enhances accountability and ensures that the patients or owners can track and verify all actions taken on the data. To implement the proposed system, the Remix-Ethereum IDE is used. Smart contracts (SCs) are designed with access permissions so patients have complete control over their records. The scalability and immutability of the system is ensured by storing the hash of the encrypted EHRs on the blockchain and the actual encrypted records on IPFS. The security analysis of the proposed system is carried out by evaluating its resistance to various attacks. Additionally, potential security flaws in the proposed SCs are investigated using the Oyente tool. Different test cases are presented to demonstrate the functionality and cost analysis of the proposed system. [ABSTRACT FROM AUTHOR]

Published

2024

12. An extended lightweight blockchain based collaborative healthcare system for fraud prevention.

Author

Settipalli, Lavanya, Gangadharan, G. R., and Bellamkonda, Sivaiah

Subjects

FRAUD, DATA security failures, BLOCKCHAINS, MEDICAL care

Abstract

Multiple benefits (submitting healthcare bills to one or more organizations) and data breaches (tampering of healthcare data by healthcare organization authorities) are typical frauds happening due to the centralization of authority in healthcare systems. Preventing multiple benefits and data breaches can greatly lessen the huge losses to healthcare systems. In this paper, we propose an extended lightweight blockchain (ELB) based collaborative healthcare system for decentralizing the authority in healthcare organizations. The proposed architecture is rigorously tested in avoiding multiple benefits and data breaches and compared with the state-of-the-art methods. The experimental results evidenced that the proposed ELB architecture can effectively avoid multiple benefits and data breaches with less computation and communication overheads. [ABSTRACT FROM AUTHOR]

Published

2024

13. Cloud-edge data encryption in the internet of vehicles using Zeckendorf representation.

Author

Wu, Yun, Wu, Liangshun, and Cai, Hengjin

Subjects

DATA encryption, SHIFT registers, STREAM ciphers, DATA security failures, DATA security, SECURITY systems, CRYPTOGRAPHY

Abstract

Cloud-edge data security is a key issue in the internet of vehicles (IoV), as the potential for data breaches increases as more vehicles are connected. As vehicles become smarter and more connected, the risk of unauthorized access to the data generated by the vehicles also increases. Data encryption is a highly effective security measure that is widely used to protect the IoV from malicious actors. By encrypting data, it becomes virtually impossible for unauthorized individuals to access the information. This ensures that only the intended parties can access the data, allowing for secure communication between cloud and edge. Data encryption is a cost-effective and reliable security measure that is essential for any organization that relies on the IoV. The IoV is characterized by the large volume of data that is exchanged between devices in cloud and edge. This necessitates the use of a strong encryption method, such as stream ciphering, which is particularly well-suited to this type of environment. Stream ciphering provides the highest levels of security, making it the ideal choice for securing data transmission in the IoV. Many stream ciphering algorithms use bitwise exclusive or (XOR) to encrypt the data stream, so the core is the generation of a pseudo-random key stream. This paper proves that the probability of the number 1 appearing in the middle part of the Zeckendorf representation is constant, which can be used to generate pseudo-random key stream sequences. The pseudo-random sequence generated by the linear feedback shift register (LSFR) is periodic, and the key sequence will be duplicated. The logistic chaos (LC) sequence is too sensitive to the disturbance of initial value, and its stability is poor. In this paper, our proposed ZPKG (key generator based on Zeckendorf presentation) algorithm solves these two main problems in stream ciphering. The generated key sequence not only has strong randomness, but also is infinitely long, and it is robust to the minor disturbance of the initial value. [ABSTRACT FROM AUTHOR]

Published

2023

14. Resilienz gegen IT-Angriffe an Kliniken: Ergebnisse einer Stabsrahmenübung an einem Universitätsklinikum.

Author

Pfenninger, E. G., Schmidt, S. A., Rohland, C., Peters, S., McNutt, D., Kaisers, U. X., and Königsdorfer, M.

Subjects

*ACADEMIC medical centers, *DATA security failures, *HEALTH facilities, *DEPARTMENTS, *EMERGENCY management, *HOSPITAL pharmacies, *DATA security, *DESCRIPTIVE statistics, *HOSPITAL laboratories, *HOSPITAL radiological services, *INFORMATION technology, *PSYCHOLOGICAL resilience, *CRISIS intervention (Mental health services)

Abstract

Background: According to the legal definition healthcare systems and their components (e.g., hospitals) are part of the critical infrastructure of modern industrial nations. During the last few years hospitals increasingly became targets of cyber attacks causing severe impairment of their operability for weeks or even months. According to the German federal strategy for protection of critical infrastructures (KRITIS strategy), hospitals are obligated to take precautions against potential cyber attacks or other IT incidents. Objective: This article describes the process of planning, execution and results of an advanced table-top exercise which took place in a university hospital in Germany and simulated the first 3 days after a cyber attack causing a total failure of highly critical IT systems. Material and methods: During a first stage lasting about 8 months IT-dependent processes within the clinical routine were identified and analyzed. Then paper-based and off-line back-up processes and workarounds were developed and department-specific emergency plans were defined. Finally, selected central facilities such as pharmacy, laboratory, radiology, IT and the hospitals crisis management team took part in the actual disaster exercise. Afterwards the participants were asked to evaluate the exercise and the hospitals cyber security using a questionnaire. On this basis the authors visualized the hospitalʼs resilience against cyber incidents and defined short-term, medium-term and long-term needs for action. Results: Of the participants 85% assessed the exercise as beneficial, 97% indicated that they received adequate support during the preparations and 75% had received sufficient information; however, only 34% had the opinion that the hospitalʼs and their own preparedness against critical IT failures were sufficient. Before the exercise took place, IT-specific emergency plans were present only in 1.7% of the hospital facilities but after the exercise in 86.7% of the clinical and technical departments. The highest resilience against cyber attacks was not surprisingly reported by facilities that still work routinely with paper-based or off-line processes, the IT department showed the lowest resilience as it would come to a complete shutdown in cases of a total IT failure. Conclusion: The authors concluded that the planning phase is the most important stage of developing the whole exercise, giving the best opportunity for working out fallback levels and workarounds and through this strengthen the hospitals resilience against cyber attacks and comparable incidents. A meticulous preparedness can minimize the severe effects a total IT failure can cause on patient care, staff and the hospital as a whole. [ABSTRACT FROM AUTHOR]

Published

2023

15. A method for insider threat assessment by modeling the internal employee interactions.

Author

Sepehrzadeh, Hamed

Subjects

DATA security failures, INFORMATION technology security, DIRECTED graphs

Abstract

Insider's information security threat is one of the most critical issues in organizations. Due to their access to the assets and their knowledge about the systems, they pose a significant threat on organizations. It is difficult to distinguish between the behavior of normal employee and anomalous one due to its complex nature. It is important to predict the potential of occurring an undesired behavior of by an employee before taking place a security failure. An employee with a high degree of threat may try to influence other colleagues to encourage them to behave improperly and cause an information security breach. Therefore, analyzing the relationships between colleagues and assessing the influence propagation of insider threats play an important role in information security improvement process. This paper introduces an approach for modeling the relationships between colleagues to estimate the impact propagation of insider threats in organizations. The proposed approach has two main phases. In the first phase, the potential threat level of the organization employees is evaluated using the human and organizational factors of information security questionary. In the second phase, by modeling the employee's relationships, the influence propagation of threats is estimated. The introduced model is based on directed graph structure, and it is parameterized by the employee's threat values obtained from the first stage of the presented approach. We want to investigate how malicious or unacceptable behavior of an employee may affect the behavior of other employees and how can we model and evaluate this issue? [ABSTRACT FROM AUTHOR]

Published

2023

16. Robust password security: a genetic programming approach with imbalanced dataset handling.

Author

Andelić, Nikola, Baressi S̆egota, Sandi, and Car, Zlatan

Subjects

*COMPUTER passwords, *RECEIVER operating characteristic curves, *GENETIC programming, *ARTIFICIAL intelligence, *DATA security failures

Abstract

Developing a method for determining password strength using artificial intelligence (AI) is crucial as it enhances cybersecurity by providing a more robust defense against unauthorized access. AI can analyze complex patterns and trends, allowing for the identification of weak passwords and potential vulnerabilities more effectively than traditional methods. This proactive approach helps users and organizations strengthen their security posture, reducing the risk of data breaches and unauthorized intrusions. In this paper, the genetic programming symbolic classifier (GPSC) was applied to the publicly available dataset to obtain a set of symbolic expressions for password strength classification with high classification accuracy. One of the problems with the dataset was an imbalance between classes so various oversampling/undersampling techniques have been utilized. The optimal GPSC hyperparameter values were found using the random hyperparameter value search method. The algorithm was trained using fivefold cross-validation (5FCV). One of the problems with the dataset was an imbalance between classes so various oversampling/undersampling techniques have been utilized. To evaluate obtained SEs, the evaluation metric accuracy, area under receiver operating characteristics curve, precision, recall, and f1-score were used. The obtained SEs on balanced dataset variations achieved high classification accuracy (0.99) and with the application of all SEs on the entire original imbalanced dataset achieved the same accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

17. Authorization and privacy preservation in cloud-based distributed ehr system using blockchain technology and anonymous digital ring signature.

Author

Grover, Bharti and Kushwaha, Dileep Kumar

Subjects

PRIVACY, BLOCKCHAINS, DATA security failures, SYSTEMS design, COMPARATIVE studies, CLOUD computing, MEDICAL ethics, ELECTRONIC health records, DIGITAL signatures, DATA encryption, ALGORITHMS

Abstract

Electronics-Health Care is one of the new ideas in the healthcare industry. For analyzing the patient's records, doctors need a centralized record of the patients, which gives useful and enormous information. There will be a threat of leaking of confidential e-health data, which will seriously endanger by modifying the health care data of medical and its individual entities. Protection of the confidential data of patients will be a primary constraint in the health care industry. There is a lot of progressiveness in the human services area as well as there is a lot of usage of the information gathered from various sensors and this information is stored in the cloud. As per the existing security algorithms, there is still some security breach and also it won't get satisfied with integrity and consistency while transferring the data from one vendor to others in the health care system. It also causes high spoofing of IP and side channel hackers. With the increase in the use of the internet, there is an increase in hacking also, especially in the health-care sector, e-commerce, military, and Education. Dealing with the huge volume of information in the electronics-healthcare area requires the processing of patient's information day by day and its memory allocation. Cloud is the best option to store these health records in a distributed manner rather than on a single server. So, whatever the information gathered from it will be encoded on block chain technology and an anonymous digital ring signature will be used to authorize the intended user and maintain the privacy of patient cloud-based data distributed Electronics health record system before sending the information to the cloud storage. In this paper, the protection of Personal data of the patient health data is enhanced with block chain and anonymous ring signatures in the e-healthcare cloud; thus making it suitable for real-time applications. [ABSTRACT FROM AUTHOR]

Published

2023

18. An Encryption Scheme Based on Grain Stream Cipher and Chaos for Privacy Protection of Image Data on IoT Network.

Author

Kumari, Punam and Mondal, Bhaskar

Subjects

IMAGE encryption, STREAM ciphers, DATA protection, INTERNET of things, DATA security failures, LINEAR operators

Abstract

IoT-enabled devices can collect information and act based on instructions over the Internet; they can sometimes communicate device to device. The IoT devices are mainly sensors that collect data and transmit over the internet to some base station or servers using a wireless medium like Bluetooth, Wi-Fi, etc. The transmitted data goes through multiple hierarchies of devices which makes it vulnerable to different attacks and data leaks which may cost the user badly. To resist these threats, a proper encryption scheme is required. A lightweight encryption (LWE) scheme is proposed in this paper for secure IoT devices using a piecewise linear chaotic map (PWLCM) and a Grain keystream generator (GKSG). It takes a plain image (PI) as input and scrambles the pixels-by-bit plain manipulation followed by XOR operation among the scrambled pixel values using pseudorandom number sequence (PRNS) generated by the PWLCM and GKSG. The test results show that the proposed method is secure and optimistic. [ABSTRACT FROM AUTHOR]

Published

2023

19. Three factor authentication system with modified ECC based secured data transfer: untrusted cloud environment.

Author

Vengala, Dilip Venkata Kumar, Kavitha, D., and Kumar, A. P. Siva

Subjects

DATA compression, CLOUD storage, SERVER farms (Computer network management), CLOUD computing, DATA security failures, DISCLOSURE, NEAR field communication

Abstract

Cloud computing (CC) is a technology that delivers its service by means of the internet. In the modern scenario, cloud storage services have gained attention. The cloud environment confronts data breaches expansively in cloud storage, which might bring about the disclosure of personal in addition to corporate data. Thus, the requirement arises for the creation of a more foremost authentication system. Customary authentication schemes depend on techniques, like Password Authentications Protocol (PAP), Challenge Handshakes Authentication Protocols (CHAP), as well as One-Time Pads (OTP), which are often susceptible to malevolent attacks as well as security threats. To shun such issues, this paper proposed a Modified ECC centred secure data transfer and a '3'-factor authentication scheme in the untrusted cloud environment. The proposed work comprises '3' steps: authentication, data compression, and safe data transfer. In the authentication phase, the SHA-512 algorithm along with CCP is utilized. After that, the user-uploaded data is compressed utilizing CHA on the server-side. Next, MECC encrypts the compressed data, and then, safely uploaded it to the cloud server (CS). In the investigational appraisal, the proposed work is contrasted with the prevailing methods. The outcomes proved that the proposed work renders better security than the prevailing methods. [ABSTRACT FROM AUTHOR]

Published

2023

20. Machine learning interpretability meets TLS fingerprinting.

Author

Jafari Siavoshani, Mahdi, Khajehpour, Amirhossein, Bideh, Amirmohammad Ziaei, Gatmiri, Amirali, and Taheri, Ali

Subjects

MACHINE learning, COMPUTER network protocols, INTERNET privacy, DATA security failures, INFORMATION networks, HUMAN fingerprints

Abstract

Protecting users' privacy over the Internet is of great importance; however, it becomes harder and harder to maintain due to the increasing complexity of network protocols and components. Therefore, investigating and understanding how data are leaked from the information transmission platforms and protocols can lead us to a more secure environment. In this paper, we propose a framework to systematically find the most vulnerable information fields in a network protocol. To this end, focusing on the transport layer security (TLS) protocol, we perform different machine-learning-based fingerprinting attacks on the collected data from more than 70 domains (websites) to understand how and where this information leakage occurs in the TLS protocol. Then, by employing the interpretation techniques developed in the machine learning community and applying our framework, we find the most vulnerable information fields in the TLS protocol. Our findings demonstrate that the TLS handshake (which is mainly unencrypted), the TLS record length appearing in the TLS application data header, and the IV field are among the most critical leaker parts in this protocol, respectively. [ABSTRACT FROM AUTHOR]

Published

2023

21. A blockchain-based privacy preservation scheme in multimedia network.

Author

Liu, Jianxing, Fan, Kai, Li, Hui, and Yang, Yintang

Subjects

BLOCKCHAINS, VERNACULAR architecture, DATA security failures, MULTIMEDIA communications, 5G networks, PRIVACY, BIG data

Abstract

With networking, big data and rapid development and wide application of 5G networks, traditional network architecture cannot handle massive amounts of media data generated by a large number of mobile or PC devices. In recent years, events on multimedia and data copyright violations of a substantial increase, data security and privacy protection of many original multimedia users is suffering an unprecedented challenge. On the other hand, due to the center and the invariance of the block chain, block chain has become a promising multimedia security technology. Blockchain technology provides a common, digitized and distributed books, P2P network composed of all peer nodes interconnected to each other, all participating nodes are equal, collaborative service, compared to traditional architecture under a single central point, can greatly reduce the risk of single point of failure. In this paper, based access scheme in combination with the secure multi-computing protocol blockchain system, the user needs to conduct the authentication system under the multi-computing in order to receive the data, greatly enhance the data safety of multimedia in complicated communication sceneries. In addition, the program mentioned in the text and related simulations and proof of security, usability and reliability can be guaranteed. [ABSTRACT FROM AUTHOR]

Published

2021

22. URLdeepDetect: A Deep Learning Approach for Detecting Malicious URLs Using Semantic Vector Models.

Author

Afzal, Sara, Asim, Muhammad, Javed, Abdul Rehman, Beg, Mirza Omer, and Baker, Thar

Subjects

UNIFORM Resource Locators, DEEP learning, K-means clustering, EMAIL, DATA security failures, INTERNET users

Abstract

Malicious Uniform Resource Locators (URLs) embedded in emails or Twitter posts have been used as weapons for luring susceptible Internet users into executing malicious content leading to compromised systems, scams, and a multitude of cyber-attacks. These attacks can potentially might cause damages ranging from fraud to massive data breaches resulting in huge financial losses. This paper proposes a hybrid deep-learning approach named URLdeepDetect for time-of-click URL analysis and classification to detect malicious URLs. URLdeepDetect analyzes semantic and lexical features of a URL by applying various techniques, including semantic vector models and URL encryption to determine a given URL as either malicious or benign. URLdeepDetect uses supervised and unsupervised mechanisms in the form of LSTM (Long Short-Term Memory) and k-means clustering for URL classification. URLdeepDetect achieves accuracy of 98.3% and 99.7% with LSTM and k-means clustering, respectively. [ABSTRACT FROM AUTHOR]

Published

2021

23. Preservation of Data Integrity in Public Cloud Using Enhanced Vigenere Cipher Based Obfuscation.

Author

Jaithunbi, A. K., Sabena, S., and Sairamesh, L.

Subjects

CIPHERS, DATA transmission systems, DATA security failures, DATA integrity, CLOUD computing, INFORMATION sharing, DATA protection

Abstract

Today's internet world is moving to cloud computing to maintain their public data privately in a secure way. In cloud scenarios, many security principles are implemented to maintain the secure transmission of data over the internet. And still, the main concern is about maintaining the integrity of our own data in the public cloud. Mostly, research works concentrate on cryptographic techniques for secure sharing of data but there is no such mentioned works available for data integrity. In this paper, a data masking technique called obfuscation is implemented which is used to protect the data from unwanted modification by data breaching attacks. In this work, enhanced Vigenere encryption is used to perform obfuscation that maintains the privacy of the user's data. Enhanced Vigenere encryption algorithm combined with intelligent rules to maintain the dissimilarity between the data masking to perform encryption with different sets of rules. This work mainly concentrates on data privacy with reduced time complexity for encryption and decryption. [ABSTRACT FROM AUTHOR]

Published

2023

24. Deep learning approach to security enforcement in cloud workflow orchestration.

Author

El-Kassabi, Hadeel T., Serhani, Mohamed Adel, Masud, Mohammad M., Shuaib, Khaled, and Khalil, Khaled

Subjects

WORKFLOW, DEEP learning, DATA security failures, DATA security, COVID-19

Abstract

Supporting security and data privacy in cloud workflows has attracted significant research attention. For example, private patients' data managed by a workflow deployed on the cloud need to be protected, and communication of such data across multiple stakeholders should also be secured. In general, security threats in cloud environments have been studied extensively. Such threats include data breaches, data loss, denial of service, service rejection, and malicious insiders generated from issues such as multi-tenancy, loss of control over data and trust. Supporting the security of a cloud workflow deployed and executed over a dynamic environment, across different platforms, involving different stakeholders, and dynamic data is a difficult task and is the sole responsibility of cloud providers. Therefore, in this paper, we propose an architecture and a formal model for security enforcement in cloud workflow orchestration. The proposed architecture emphasizes monitoring cloud resources, workflow tasks, and the data to detect and predict anomalies in cloud workflow orchestration using a multi-modal approach that combines deep learning, one class classification, and clustering. It also features an adaptation scheme to cope with anomalies and mitigate their effect on the workflow cloud performance. Our prediction model captures unsupervised static and dynamic features as well as reduces the data dimensionality, which leads to better characterization of various cloud workflow tasks, and thus provides better prediction of potential attacks. We conduct a set of experiments to evaluate the proposed anomaly detection, prediction, and adaptation schemes using a real COVID-19 dataset of patient health records. The results of the training and prediction experiments show high anomaly prediction accuracy in terms of precision, recall, and F1 scores. Other experimental results maintained a high execution performance of the cloud workflow after applying adaptation strategy to respond to some detected anomalies. The experiments demonstrate how the proposed architecture prevents unnecessary wastage of resources due to anomaly detection and prediction. [ABSTRACT FROM AUTHOR]

Published

2023

25. LSTM-AE-WLDL: Unsupervised LSTM Auto-Encoders for Leak Detection and Location in Water Distribution Networks.

Author

Kammoun, Maryam, Kammoun, Amina, and Abid, Mohamed

Subjects

WATER distribution, WATER leakage, LEAK detection, WATER pipelines, DETECTION limit, DATA security failures

Abstract

Basically, leaks and faults in water distribution pipelines beget fairly severe water loss and affects largely its potability. For this reason, leakage detection is extremely significant for the preservation of water resources and quality. This paper introduces a novel unsupervised RNN model for leakage detection and location. The elaborated approach relies upon a multivariate LSTM autoencoder, as well as a multithresholding to monitor all water distribution network zones. A threshold for each measurement point of water distribution network is determined to identify anomaly in hydraulic data and detect leak events. Furthermore, a statistical study is conducted to estimate the leak locations' area. Both flow and pressure data from different realistic water demands scenarios of the LeakDB benchmark are assessed. Experiment results corroborate the effectiveness and reliability of the proposed system for both data types. Detection sensitivity achieved 97% using pressure data and 100 % using flow data, with true leak zone identification for 95% of scenarios. [ABSTRACT FROM AUTHOR]

Published

2023

26. Privacy-preserving neural networks with Homomorphic encryption: Challenges and opportunities.

Author

Pulido-Gaytan, Bernardo, Tchernykh, Andrei, Cortés-Mendoza, Jorge M., Babenko, Mikhail, Radchenko, Gleb, Avetisyan, Arutyun, and Drozdov, Alexander Yu

Subjects

DATA security failures, ON-demand computing, MACHINE learning, CRYPTOSYSTEMS, BIG data

Abstract

Classical machine learning modeling demands considerable computing power for internal calculations and training with big data in a reasonable amount of time. In recent years, clouds provide services to facilitate this process, but it introduces new security threats of data breaches. Modern encryption techniques ensure security and are considered as the best option to protect stored data and data in transit from an unauthorized third-party. However, a decryption process is necessary when the data must be processed or analyzed, falling into the initial problem of data vulnerability. Fully Homomorphic Encryption (FHE) is considered the holy grail of cryptography. It allows a non-trustworthy third-party resource to process encrypted information without disclosing confidential data. In this paper, we analyze the fundamental concepts of FHE, practical implementations, state-of-the-art approaches, limitations, advantages, disadvantages, potential applications, and development tools focusing on neural networks. In recent years, FHE development demonstrates remarkable progress. However, current literature in the homomorphic neural networks is almost exclusively addressed by practitioners looking for suitable implementations. It still lacks comprehensive and more thorough reviews. We focus on the privacy-preserving homomorphic encryption cryptosystems targeted at neural networks identifying current solutions, open issues, challenges, opportunities, and potential research directions. [ABSTRACT FROM AUTHOR]

Published

2021

27. Hyperspectral image classification using an encoder-decoder model with depthwise separable convolution, squeeze and excitation blocks.

Author

Nguyen, Xuan Tung and Tran, Giang Son

Subjects

*IMAGE recognition (Computer vision), *DEEP learning, *DATA security failures, *REMOTE sensing, *DECODING algorithms, *HYPERGRAPHS

Abstract

Remote sensing is one of the major domains witnessing the increasingly significant interest in Hyperspectral image (HSI) classification. One recent approach achieving great success in HSI classification is deep learning. However, most current HSI classification methods are performed on small datasets, using overlapped sub-regions both for training and testing, causing information leakage. Data leaks lead to improper ideal classification results. Thus, more research work is still needed to boost classification performance for non-leaking methods. This paper proposes an Encoder-Decoder deep learning-based method that can further improve the accuracy of HSI classification. The method contains two main parts: an encoder and a decoder. The encoder consists of depthwise separable convolution, squeeze, and excitation blocks based on the popular MobileNetV3 deep learning network, and the decoder is inherited from the U-Net deep learning model. This encoder-decoder model aims to take into account the relationships between neighboring pixels when performing HSI pixel classification. Since the pixel distribution in an HSI dataset is usually imbalanced, the focal loss function is employed during the model's training process to counterbalance the weight difference between the pixel classes and avoid overfitting the classes with few pixels. For performance assessment, we carried out experiments on the AeroRIT dataset, consisting of non-overlapping training, validation, and test sets. We achieved an overall accuracy of 95.54% and a mean intersection over union score of 83.53%, setting state-of-the-art results on this dataset. [ABSTRACT FROM AUTHOR]

Published

2024

28. Telugu DNA for Safe Delivery: A Secured Text Communication.

Author

Aashiqbanu, S., Krishna Murthy, B., Bindu Sai, G., Sowmya, Gali, Hemaswitha, Kalluru, and Amirtharajan, Rengarajan

Subjects

DATA security failures, GENETIC algorithms, DNA

Abstract

Data breaches are security conflicts in which information is assessed without authorisation. Encrypting the information using legitimate languages is an efficient method for securing it from cryptanalysis. In this paper, a hybrid Telugu cryptography is proposed based on Genetic DNA algorithm by mapping it in Unicode. Confusion and diffusion are performed to strengthen the algorithm's security in four stages; pre-processing, reshape, crossover, and mutation. Finally, it is XORed with a pseudo-random chaotic logistic map as a secret keystream for its high randomness. Also, anyone who endeavours to decrypt must know the Telugu language, the mapping index, and genetic algorithm details to recognise the original data. This algorithm divulges a more substantial avalanche effect, which is outstanding than Blowfish, AES and DES. The evaluation proves it executes faster than other algorithms and has comparatively lesser encryption time with less memory overhead. Therefore it attains an average entropy of 5.83, a keyspace of 2230≈1069 respectively. [ABSTRACT FROM AUTHOR]

Published

2022

29. A ROI-based high capacity reversible data hiding scheme with contrast enhancement for medical images.

Author

Liang, Dong, Yang, Yang, Zhang, Weiming, and Yu, Nenghai

Subjects

IMAGE quality in medical radiography, CLOUD storage, REVERSIBLE data hiding (Computer science), HISTOGRAMS, DATA security failures

Abstract

In this paper, we attempt to investigate the secure archiving of medical images which are stored on semi-trusted cloud servers, and focus on addressing the complicated and challenging integrity control and privacy preservation issues. With the intention of protecting the medical images stored on a semi-trusted server, a novel ROI-based high capacity reversible data hiding (RDH) scheme with contrast enhancement is proposed in this paper. The proposed method aims at improving the quality of the medical images effectively and embedding high capacity data reversibly meanwhile. Therefore, the proposed method adopts “adaptive threshold detector” (ATD) segmentation algorithm to automatically separate the “region of interest” (ROI) and “region of non-interest” (NROI) at first, then enhances the contrast of the ROI region by stretching the grayscale and embeds the data into peak bins of the stretched histogram without extending the histogram bins. Lastly, the rest of the required large of data are embedded into NROI region regardless its quality. In addition, the proposed method records the edge location of the segmentation instead of recording the location of the overflow and underflow. The experiment shows that the proposed method can improve the quality of medical images obviously whatever in low embedding rate or high embedding rate when compared with other contrast-based RDH methods. [ABSTRACT FROM AUTHOR]

Published

2018

30. Security assurance of MongoDB in singularity LXCs: an elastic and convenient testbed using Linux containers to explore vulnerabilities.

Author

Dissanayaka, Akalanka Mailewa, Mengel, Susan, Gittner, Lisa, and Khan, Hafiz

Subjects

HIGH performance computing, DATA security, COMPUTER security vulnerabilities, DATA security failures, SYSTEMS software, ACCESS control

Abstract

It is essential to ensure the data security of data analytical frameworks as any security vulnerability existing in the system can lead to a data loss or data breach. This vulnerability may occur due to attacks from live attackers as well as automated bots. However inside attacks are also becoming more frequent because of incorrectly implemented security requirements and access control policies. Thus, it is important to understand security goals and formulate security requirements and access control policies accordingly. Therefore, it is equally important to identify the existing security vulnerabilities of a given software system. To find the available vulnerabilities against any system, it is mandatory to conduct vulnerability assessments as scheduled tasks in a regular manner. Thus, an easily deployable, easily maintainable, accurate vulnerability assessment testbed or a model is helpful as facilitated by Linux containers. Nowadays Linux containers (LXCs) which have operating system level virtualization, are very popular over virtual machines (VMs) which have hypervisor or kernel level virtualization in high performance computing (HPC) due to reasons, such as high portability, high performance, efficiency and high security (Chae et al in Clust Comput 22:1765-1775, 2019. 10.1007/s10586-017-1511-2). Hence, LXCs can make an efficient and scalable vulnerability assessment testbed or a model by using already developed analyzing tools such as OpenVas, Dagda, PortSpider, MongoAudit, NMap, Metasploit Framework, Nessus, OWASP Zed Attack Proxy, and OpenSCAP, to assure the required security level of a given system very easily. To verify the overall security of any given software system, this paper first introduces a virtual, portable and easily deployable vulnerability assessment general testbed within the Linux container network. Next, the paper presents, how to conduct experiments using this testbed on a MongoDB database implemented in Singularity Linux containers to find the available vulnerabilities in 1. MongoDB application itself, 2. Images accompanied by containers, 3. Host, and 4. Network by integrating seven tools: OpenVas, Dagda, PortSpider, MongoAudit, NMap, Metasploit Framework, and Nessus to the container-based testbed. Finally, it discusses how to use generated results to improve the security level of the given system. [ABSTRACT FROM AUTHOR]

Published

2020

31. An efficient method for privacy-preserving trajectory data publishing based on data partitioning.

Author

Li, Songyuan, Shen, Hong, Sang, Yingpeng, and Tian, Hui

Subjects

DATA security failures, DATABASES, DATA warehousing, DATA protection

Abstract

Since Osman Abul et al. first proposed the k-anonymity-based privacy protection for trajectory data, researchers have proposed a variety of trajectory privacy-preserving methods. These methods mainly adopt a static anonymity algorithm, which only focusing on the trajectories in a specific time span, directly anonymizes data and publishes them without considering dynamic nature of trajectory data as the new time slice arriving. Furthermore, due to its correlation with time and position, the trajectory data is produced in large scale and many sensitive attributes; the traditional k-anonymity-based privacy-preserving models need to recalculate the last released trajectory data, which will increase the computing cost and reduce the availability of the released trajectories, are not fit for privacy protection in large-scale trajectory data. Therefore, this paper presents a method to dynamically publish the large-scale vehicle trajectory data with privacy protection under (k , δ) security constraints. According to the spatial and temporal characteristics of vehicle trajectory data, this paper first proposes a method to partition the trajectory data for storage and computation. We choose the sample point (x i , y i) at time t i as partition points and store the partitions of the trajectory data according to the time sequence and location of the running vehicle. This results in the efficient trajectory scanning, clustering and privacy protection. We use (x i , y i , t m - t n) to represent the identifier of trajectory data to publish, use the generalize function to cluster trajectory data under the (k , δ) security constraints. Through this way, we can effectively process the trajectory in every data partition as time goes on and need not to recalculate the released trajectories, effectively reduce the computing cost. Through experiments on real trajectory data and Oldenburg trajectory data, confirming the data partitioning method in privacy-preserving large-scale trajectory data publishing under the security constraint of (k , δ) , and the l-diversity. By the experimental comparison, our method maintains a least level of computing cost and higher data availability. [ABSTRACT FROM AUTHOR]

Published

2020

32. Patient's data privacy and security in mHealth applications: a Charles proxy-based recommendation.

Author

Rajput, Ahmed Raza, Masood, Isma, Tabassam, Almas, Aslam, Muhammad Shamrooz, ShaoYu, Zhang, and Rajput, Mehreen Aslam

Subjects

*DATA privacy, *DATA security, *SECURE Sockets Layer (Computer network protocol), *MOBILE health, *DATA security failures, *MEDICAL communication

Abstract

Mobile Health (mHealth) applications play an essential role in healthcare. The usage of mHealth apps is rapidly increasing, and it provides services, such as vitals, medication, and appointments, to patients and physicians. These apps significantly ease for patients to manage their health. Using sensitive health information and communication channels by mHealth apps has potential privacy and security hazards for patient's privacy and security. mHealth apps are primarily dependent on a remote server online. Someone can monitor, alter, and divert communication through public infrastructure. Many mHealth applications did not utilize any encryption method for client–server communication, making it an imminent risk for patients' data security and privacy. In this study, we proposed a framework to develop the mHealth application and apply the security parameters to reduce the risk of data breaches, such as data confidentiality, integrity, and availability. Also, the study aims to identify the transport layer security issues relevant to the client–server of mHealth apps. To test the health data subset of Android and iOS apps collected from their Play Store and evaluate client security by the Charles Proxy tool. At the end of the paper, we presented the principal results of how many apps have vulnerabilities concerned with transport security. We compared our results for the transport layer of SSL and TLS certificates and chipper suit strength to show the performance of our proposed framework. [ABSTRACT FROM AUTHOR]

Published

2023

33. Towards a fully homomorphic symmetric cipher scheme resistant to plain-text/cipher-text attacks.

Author

Hariss, Khalil and Noura, Hassan

Subjects

CHINESE remainder theorem, BLOCK ciphers, CIPHERS, IMAGE encryption, DATA security failures, MATHEMATICAL optimization, COMPUTATIONAL complexity

Abstract

Users' privacy becomes nowadays an important need and a big challenge for a lot of enterprises and service providers especially after adopting the cloud migration strategy. Thus, Homomorphic Encryption (HE) came as a novel cryptographic approach that enables users' privacy at the cloud side by allowing computation over encrypted data. Existing HE schemes are based on either symmetric or asymmetric encryption algorithms. While asymmetric HE schemes provide the high and the required level of security, they suffer from high computational complexity and high storage overhead making a big majority of them not practical for real world applications. On the other hand, symmetric schemes assure the required efficiency, but they are vulnerable to attacks and especially the known plain-text/cipher-text attacks making their usage limited in practical implementation. The main objective of this paper is to design a new symmetric HE variant that provides the desired level of efficiency in implementation and the immunity against data breaches especially the known plain-text/cipher-text attacks. The proposed scheme, named Homomorphic Hybrid Symmetric Encryption Scheme (HHSES), which is based on combining the homomorphic behavior of two well-known symmetric encryption schemes that are the MORE (Matrix Operation for Randomization and Encryption) approach and the Domingo Ferrer (DF) scheme. The performance analysis of HHSES confirms its efficiency for real-world applications in comparison with a big variety of existing and well known symmetric and asymmetric schemes. A main drawback of HHSES is the cipher-text dimension expansion after the homomorphic multiplication since homomorphic operations are restricted to polynomial operations over the matrices. Therefore, to fix this issue, we propose a specific Key Switching (KS) technique after the homomorphic multiplication that reduces the cipher-texts' dimension without altering its homomorphic behavior and the primitive classified data. Security analysis of the new scheme also verifies its immunity against different types of attacks and especially the known plain-text/cipher-text attacks. Another important contribution in this work is the optimization of the HHSES encryption and decryption procedures by making them parallelized using the Chinese Remainder Theorem (CRT). The implementation results have shown that the proposed optimization technique reduces the execution time of the HHSE encryption and decryption algorithms with a ratio close to 1 2 . To the best of our knowledge, HHSES is the first symmetric HE scheme immune against the known/chosen plain-text/cipher-text attacks. [ABSTRACT FROM AUTHOR]

Published

2022

34. Trust and The Acquisition and Use of Public Health Information.

Author

Holland, Stephen, Cawthra, Jamie, Schloemer, Tamara, and Schröder-Bäck, Peter

Subjects

PRIVACY, DATA security failures, MANAGEMENT of medical records, PUBLIC health, MEDICAL ethics, DATA security, TRUST, HEALTH promotion

Abstract

Information is clearly vital to public health, but the acquisition and use of public health data elicit serious privacy concerns. One strategy for navigating this dilemma is to build 'trust' in institutions responsible for health information, thereby reducing privacy concerns and increasing willingness to contribute personal data. This strategy, as currently presented in public health literature, has serious shortcomings. But it can be augmented by appealing to the philosophical analysis of the concept of trust. Philosophers distinguish trust and trustworthiness from cognate attitudes, such as confident reliance. Central to this is value congruence: trust is grounded in the perception of shared values. So, the way to build trust in institutions responsible for health data is for those institutions to develop and display values shared by the public. We defend this approach from objections, such as that trust is an interpersonal attitude inappropriate to the way people relate to organisations. The paper then moves on to the practical application of our strategy. Trust and trustworthiness can reduce privacy concerns and increase willingness to share health data, notably, in the context of internal and external threats to data privacy. We end by appealing for the sort of empirical work our proposal requires. [ABSTRACT FROM AUTHOR]

Published

2022

35. Privacy-preserving and Utility-aware Participant Selection for Mobile Crowd Sensing.

Author

Azhar, Shanila, Chang, Shan, Liu, Ye, Tao, Yuting, and Liu, Guohua

Subjects

DATA security failures, INTEGER programming, BID price, DATA quality, FEATURE selection, CROWDSENSING

Abstract

Mobile Crowd Sensing (MCS) is an emerging paradigm, it engages ordinary mobile device users to effectively contribute sensed data using mobile applications. The unique characteristics of MCS bring a lot of new challenges. First, contributing valuable data quality utilizes users' mobile resources, and private information; making it essential to adequately reward the participants however the Service Provider (SP) usually has a limited budget. Second, sensitive information is vulnerable to information leaks (such as sensed data reports and sensing locations) as the sensing tasks in MCS are location-based; demanding a proper privacy protection scheme. Last, the SP targets to maximize the data utility, which implies not only the requirements of high-quality data but also large geographical coverage of sensing data, with a limited budget. To address the participants' privacy and selection issues, this paper proposes a novel Privacy-preserving and utility-aware participant selection scheme PUPS. Firstly, we claim that the total data utility of a set of participants within a certain area should be calculated according to the data quality of each participant and the location coverage of the sensing data. Secondly, a participant selection scheme has been proposed, which determines a set of participants with maximum total data utility under the budget constraint, and shows that it is a Quadratic Integer Programming problem. We show that our optimization problem is a quadratic integer programming problem. Further to preserve the data qualities and location privacy of participants, homomorphic encryption-based euclidean distance and one-time padding schemes are integrated. Extensive simulations have been conducted to solve the selection problem. Through performance evaluation, we demonstrate the accuracy, efficacy, and scalability of PUPS by comparing it with three other selection schemes; Data Quality First Selection (DQFS), Lowest Bid Price First Selection (LBFS), and Random Selection (RS), respectively. The simulation results further show that our proposed scheme is effective and offers a higher level of privacy protection and maximum data utility. [ABSTRACT FROM AUTHOR]

Published

2022

36. An improved secure certificateless public-key searchable encryption scheme with multi-trapdoor privacy.

Author

Yang, Guang, Guo, Junling, Han, Lidong, Liu, Xuejiao, and Tian, Chengliang

Subjects

PUBLIC key cryptography, PRIVACY, DATA security failures, CLOUD storage

Abstract

In cloud, sensitive data is stored in an encrypted form, and searchable encryption is a technique which allows user to search over encrypted data by keyword and it leaks no useful information. However, the secure searchable encryption scheme which can prevent inside keyword guessing attacks (IKGA) and satisfy multi-trapdoor privacy has not been proposed. We first review the security of Wu et al.'s scheme and demonstrate that their scheme is insecure under IKGA and multi-keyword guessing attacks in this paper. To solve these issues, we propose an improved certificateless public key searchable encryption scheme. Furthermore, we give the proof of the security of our scheme under the computational bilinear Diffie-Hellman assumption. It shows that our scheme can resist IKGA successfully, and provides multi-ciphertext indistinguishability and multi-trapdoor privacy. The better performance is shown in our experiment. [ABSTRACT FROM AUTHOR]

Published

2022

37. Breaking MPC implementations through compression.

Author

Resende, João S., Sousa, Patrícia R., Martins, Rolando, and Antunes, Luís

Subjects

INVESTMENT analysis, DATA security failures, SOURCE code, CRYPTOGRAPHY, ENTROPY (Information theory), IMAGE compression

Abstract

There are many cryptographic protocols in the literature that are scientifically and mathematically sound. By extension, cryptography today seeks to respond to numerous properties of the communication process beyond confidentiality (secrecy), such as integrity, authenticity, and anonymity. In addition to the theoretical evidence, implementations must be equally secure. Due to the ever-increasing intrusion from governments and other groups, citizens are now seeking alternatives ways of communication that do not leak information. In this paper, we analyze multiparty computation (MPC), which is a sub-field of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. This is a very useful method that can be used, for example, to carry out computations on anonymous data without having to leak that data. Thus, due to the importance of confidentiality in this type of technique, we analyze active and passive attacks using complexity measures (compression and entropy). We start by obtaining network traces and syscalls, then we analyze them using compression and entropy techniques. Finally, we cluster the traces and syscalls using standard clustering techniques. This approach does not need any deep specific knowledge of the implementations being analyzed. This paper presents a security analysis for four MPC frameworks, where three were identified as insecure. These insecure libraries leak information about the inputs provided by each party of the communication. Additionally, we have detected, through a careful analysis of its source code, that SPDZ-2's secret sharing schema always produces the same results. [ABSTRACT FROM AUTHOR]

Published

2019

38. Incentive-driven attacker for corrupting two-party protocols.

Author

Wang, Yilei, Metere, Roberto, Zhou, Huiyu, Cui, Guanghai, and Li, Tao

Subjects

MULTICASTING protocols, DATA security failures, COMPUTER crimes, CRYPTOGRAPHY, CLOUD computing security measures

Abstract

Adversaries in two-party computation may sabotage a protocol, leading to possible collapse of the information security management. In practice, attackers often breach security protocols with specific incentives. For example, attackers manage to reap additional rewards by sabotaging computing tasks between two clouds. Unfortunately, most of the existing research works neglect this aspect when discussing the security of protocols. Furthermore, the construction of corrupting two parties is also missing in two-party computation. In this paper, we propose an incentive-driven attacking model where the attacker leverages corruption costs, benefits and possible consequences. We here formalize the utilities used for two-party protocols and the attacker(s), taking into account both corruption costs and attack benefits. Our proposed model can be considered as the extension of the seminal work presented by Groce and Katz (Annual international conference on the theory and applications of cryptographic techniques, Springer, Berlin, pp 81-98, 2012), while making significant contribution in addressing the corruption of two parties in two-party protocols. To the best of our knowledge, this is the first time to model the corruption of both parties in two-party protocols. [ABSTRACT FROM AUTHOR]

Published

2018

39. Utility analysis on privacy-preservation algorithms for online social networks: an empirical study.

Author

Zhang, Cheng, Jiang, Honglu, Cheng, Xiuzhen, Zhao, Feng, Cai, Zhipeng, and Tian, Zhi

Subjects

SOCIAL networks, ONLINE algorithms, VIRTUAL communities, ONLINE social networks, DATA security failures, GRAPH algorithms, ALGORITHMS, PERSONAL names

Abstract

Social networks have gained tremendous popularity recently. Millions of people use social network apps to share precious moments with friends and family. Users are often asked to provide personal information such as name, gender, and address when using social networks. However, as the social network data are collected, analyzed, and re-published at a large scale, personal information might be misused by unauthorized third parties and even attackers. Therefore, extensive research has been carried out to protect the data from privacy violations in social networks. The most popular technique is graph perturbation, which modifies the local topological structure of a social network user (a vertex) via various randomization techniques before the social graph data is published. Nevertheless, graph anonymization may affect the usability of the data as random noises are introduced, decreasing user experience. Therefore, a trade-off between privacy protection and data usability must be sought. In this paper, we employ various graph and application utility metrics to investigate this trade-off. More specifically, we conduct an empirical study by implementing five state-of-the-art anonymization algorithms to analyze the graph and application utilities on a Facebook and a Twitter dataset. Our results indicate that most anonymization algorithms can partially or conditionally preserve the graph and application utilities and any single anonymization algorithm may not always perform well on different datasets. Finally, drawing on the reviewed graph anonymization techniques, we provide a brief overview on future research directions and challenges involved therein. [ABSTRACT FROM AUTHOR]

Published

2021

40. A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture.

Author

Govender, S.G., Kritzinger, E., and Loock, M.

Subjects

INFORMATION technology security, DATA security failures, INFORMATION resources management, SECURITY management, SUSTAINABILITY

Abstract

Information security data breaches are becoming larger and more frequent. Incorporating information security into the culture of the information technology (IT) staff members that support these technologies is a key function that must be considered in parallel to improved security technology. The framework proposed in this paper considers focusing on cost-reducing products, services and structures while building the correct behaviour and values in IT staff members and strengthening their ability to improve information security assessment capabilities in the organization to better support information security management. A tool to evaluate the framework is also described as well as concise feedback on how the framework and tool was tested in a few organizations. [ABSTRACT FROM AUTHOR]

Published

2021

41. Designated server-aided revocable identity-based keyword search on lattice.

Author

Guo, Ying, Meng, Fei, Cheng, Leixiao, Dong, Xiaolei, and Cao, Zhenfu

Subjects

PUBLIC key cryptography, KEYWORD searching, CRYPTOSYSTEMS, DATA security failures

Abstract

Public key encryption scheme with keyword search is a promising technique supporting search on encrypted data without leaking any information about the keyword. In real applications, it's critical to find an effective revocation method to revoke users in multi-user cryptosystems, when user's secret keys are exposed. In this paper, we propose the first designated server-aided revocable identity-based encryption scheme with keyword search (dSR-IBKS) from lattice. The dSR-IBKS model requires each user to keep just one private key corresponding with his identity and does not need to communicate with the key generation center or the server during key updating. We have proved that our scheme can achieve chosen keyword indistinguishability in the standard model. In particular, our scheme can designate a unique tester to test and return the search results, therefore no other entity can guess the keyword embedded in the ciphertext by generating search queries and doing the test by itself. We provide a formal security proof of our scheme assuming the hardness of the learning with errors problem on the standard model. [ABSTRACT FROM AUTHOR]

Published

2021

42. Marx, Foucault, and state–corporate harm: a case study of regulatory failure in Australian non-prescription medicine regulation.

Author

Bandiera, Rhiannon

Subjects

PRODUCT failure, MANUFACTURED products, GOVERNMENTALITY, DATA security failures, AUSTRALIANS

Abstract

Risk-based regulation has underpinned Australian prescription and non-prescription medicine regulation for over three decades. However, data consistently demonstrate high rates of non-compliance among non-prescription medicine sponsors, with most breaches a result of inappropriate labelling and advertising, a lack of evidence to substantiate therapeutic claims, and product formulation and manufacturing. This paper seeks to understand why the regime fails to achieve compliance from non-prescription medicine sponsors. Using a state–corporate harm lens, and Marxist and Foucauldian perspectives, it is argued that regulatory failure is the product of the regime's congruence with neoliberal governmentality. This governmentality is inextricably linked to a neoliberal market hegemony that attempts to minimize forms of market intervention detrimental to the accumulation of capital. [ABSTRACT FROM AUTHOR]

Published

2021

43. A blockchain-based privacy-preserving 5G network slicing service level agreement audit scheme.

Author

Xiao, Ke, Geng, Ziye, He, Yunhua, Xu, Gang, Wang, Chao, and Tian, Yutong

Subjects

BLOCKCHAINS, SERVICE level agreements, 5G networks, AUDITING, DATA security failures

Abstract

Network slicing, as a key technique of 5G, provides a way that network operators can segment multiple virtual logic on the same physical network and each customer can order specific slicing which can meet his requirement of 5G service. The service level agreement of network slicing (NS-SLA) of 5G, as a business agreement signed between the network operators and the customers, specifies the relevant requirements for the 5G services provided by the network operators. However, the authenticity of auditing results may not be guaranteed and the customer's data may be leaked in the existing NS-SLA audit scheme. In this paper, a blockchain-based 5G network slicing NS-SLA audit model is proposed to address the above problems. The blockchain is applied as a public platform and all the dual monitored service parameters will be stored on the blockchain to ensure the authenticity of data. A trapdoor order-revealing encryption algorithm is introduced to audit strategy, which can encrypt the monitored parameters, realize the comparison over ciphertexts and prevent the privacy of data from leaking. Besides, an NS-SLA audit smart contract is designed to implement the audit task and execute corresponding punishment strategies automatically. We make experiments to exam the cost of the blockchain-based system and the results found clear support for the feasibility of the proposed model. [ABSTRACT FROM AUTHOR]

Published

2021

44. Dynamic analysis of residential and enterprise water supply and leakage efficiencies.

Author

Li, Ying, Chiu, Yung-ho, Li, Yushan, Cen, Hongyi, and Lin, Tai-Yu

Subjects

WATER supply, WATER leakage, DATA envelopment analysis, WATER use, WATER efficiency, DATA security failures

Abstract

With per capita water resources at only around a quarter of the world average, China's water resources are limited and unevenly distributed. Past research on water resource utilization has mainly focused on industrial water use (agriculture and industry), water plant ownership efficiencies (private or public operation), or water resources and economic production; however, there have been few studies focused on water supply livelihood. Therefore, this paper considered both industrial production water services, non-production water services (public sector and residential water use), and water leakage losses, which is a water supply problem seldom mentioned in other studies. An undesirable directional distance function (DDF) dynamic data envelopment analysis (DEA) model was employed for the dynamic analysis as it was able to deal with both desirable and undesirable outputs at the same time. The model examined collected water supply and water leak efficiency data from 30 Chinese provinces/municipalities from 2007 to 2018, from which it was found that (1) Beijing, Gansu, Guangdong, and Ningxia had efficient water supply and water leak losses from 2007 to 2018 and the most improved province was Jiangxi; (2) the eastern provinces, in general, had better water efficiencies and the central and western provinces needed greater improvements; and (3) the lowest water leakage loss efficiencies were in Inner Mongolia, Jiangxi, and Heilongjiang, all of which required significant improvements. [ABSTRACT FROM AUTHOR]

Published

2021

45. An optimistic technique to detect Cache based Side Channel attacks in Cloud.

Author

Sangeetha, G. and Sumathi, G.

Subjects

DATA security failures, DATA security, CACHE memory, INFORMATION technology security, CLOUD computing, VICTIMS

Abstract

Data security is the most critical field in Cloud Computing. The Critical data can leak through unpredictable side channels, posing very risky threats to information security. The Cache-based Side Channel Attacks (CSCAs) is one of the most challenging attacks. Different secure cache architectures have been proposed to defend against these attacks. But these solutions are not reliable to detect and prevent those attacks. Detection of CSCAs is a very important research-related problem. In this paper we demonstrated the detection of CSCAs. We measured the vCPU cycle, virtual memory utilization and cache miss rate to detect the attackers. We illustrated Prime + Probe attack, Flush + Flush attack, and Flush + Reload attack on the AES cryptosystem. Our detection technique is compared with the existing detection solution to demonstrate the accuracy. Our proposed work is achieved 92.5% accuracy to detect the CSC attacks. With the help of our proposed system the Cloud Service Providers(CSPs) can identify the attackers of VMs and host machines to safe guard victim users from the CSCA. [ABSTRACT FROM AUTHOR]

Published

2021

46. Distributed Denial of Service (DDoS) Attack in Cloud- Assisted Wireless Body Area Networks: A Systematic Literature Review.

Author

Latif, Rabia, Abbas, Haider, and Assar, Saïd

Subjects

COMPUTER viruses, MEDICAL ethics, PRIVACY, RESEARCH funding, TCP/IP, SYSTEMATIC reviews, WIRELESS LANs, DATA security, DATA security failures, CLOUD computing

Abstract

The article discuses a review paper which aimed to identify the most threatening types of distributed denial of service (DDoS) attacks that affect the availability of a cloud-assisted Wireless Body Area Networks (WBANS) and review the state-of-the-art detection mechanisms for the identified DDoS attacks. The research involved a systematic review of the existing literature about security issues in a cloud-assisted WBAN.

Published

2014

47. Fast Automated Processing and Evaluation of Identity Leaks.

Author

Jaeger, David, Graupner, Hendrik, Pelchen, Chris, Cheng, Feng, and Meinel, Christoph

Subjects

DATA security failures, DATA security, COMPUTER crimes, PARALLEL processing, ELECTRONIC data processing

Abstract

The relevance of identity data leaks on the Internet is more present than ever. Almost every week we read about leakage of databases with more than a million users in the news. Smaller but not less dangerous leaks happen even multiple times a day. The public availability of such leaked data is a major threat to the victims, but also creates the opportunity to learn not only about security of service providers but also the behavior of users when choosing passwords. Our goal is to analyze this data and generate knowledge that can be used to increase security awareness and security, respectively. This paper presents a novel approach to the processing and analysis of a vast majority of bigger and smaller leaks. We evolved from a semi-manual to a fully automated process that requires a minimum of human interaction. Our contribution is the concept and a prototype implementation of a leak processing workflow that includes the extraction of digital identities from structured and unstructured leak-files, the identification of hash routines and a quality control to ensure leak authenticity. By making use of parallel and distributed programming, we are able to make leaks almost immediately available for analysis and notification after they have been published. Based on the data collected, this paper reveals how easy it is for criminals to collect lots of passwords, which are plain text or only weakly hashed. We publish those results and hope to increase not only security awareness of Internet users but also security on a technical level on the service provider side. [ABSTRACT FROM AUTHOR]

Published

2018

48. Performance Analysis of Privacy Protection System During Data Transfer in MANETs.

Author

Bhati, Bhawani Shanker and Venkataram, Pallapa

Subjects

AD hoc computer networks, BIT rate, DATA security failures, COMPUTER simulation, DATA security

Abstract

The openness of a Mobile Adhoc network (MANET) makes it vulnerable to various attacks that can breach privacy, and this demands a privacy protection system. In this paper, we propose a privacy protection system with flexible and adaptable policies to protect privacy during data transfer based on application and context attributes. We also provide the performance analysis model to test the suitability of policies for maintaining privacy, which is essential for the real-time implementation of this system in a resource-limited MANET. Finally, the proposed privacy protection system is compared with previous works using simulations, and the results obtained show the effectiveness of the proposed privacy protection system. [ABSTRACT FROM AUTHOR]

Published

2018

49. CryptoGA: a cryptosystem based on genetic algorithm for cloud data security.

Author

Tahir, Muhammad, Sardaraz, Muhammad, Mehmood, Zahid, and Muhammad, Shakoor

Subjects

GENETIC algorithms, DATA security, DATA integrity, DATA security failures, CLOUD computing, GENETIC models

Abstract

Cloud Computing is referred to as a set of hardware and software that are being combined to deliver various services of computing. The cloud keeps the services for delivery of software, infrastructure, and platform over the Internet based on the user's demand. In the IT industry, cloud computing plays an important role to access services anywhere in the world. With increasing demand and popularity of cloud computing, several types of threats and vulnerabilities are also increased. Data integrity and privacy are the key issues in cloud computing and are thoughtful as the data is stored in different geographical locations. Therefore, data integrity and privacy protection provisions are the most prominent factors of user's concerns about the cloud computing environment. In this paper, a new model based on a genetic algorithm (GA) CryptoGA is proposed to cope with data integrity and privacy issues. GA is used to generate keys for encryption and decryption which are integrated with a cryptographic algorithm to ensure privacy and integrity of cloud data. Known and common parameters i.e. execution time, throughput, key size, and avalanche effect are considered for evaluation and comparison. Ten different datasets are used in experiments for testing and validation. Experimental results analysis show that the proposed model ensures the integrity and preserves the privacy of the user's data against unauthorized parties. Moreover, the CryptoGA is robust and provides better performance on selected parameters as compared to state-of-the-art cryptographic algorithms i.e. DES, 3DES, RSA, Blowfish, and AES. [ABSTRACT FROM AUTHOR]

Published

2021

50. Blockchain based Privacy Preserving User Authentication Protocol for Distributed Mobile Cloud Environment.

Author

Vivekanandan, Manojkumar, V. N., Sastry, and U., Srinivasulu Reddy

Subjects

CLOUD computing, IDENTITY (Psychology), COMPUTING platforms, BLOCKCHAINS, DATA security failures, PRIVACY

Abstract

The development in cloud computing platforms has resulted, hosting many day-to-day service applications in the cloud. To avail the services provided by different cloud service providers (CSPs), the mobile user has to register his/her identity with the CSPs. The mobile user (MU) has to remember multiple identities and credentials to access various CSPs. Many single sign-on schemes have been proposed in the literature to eliminate multiple registrations by mobile users to access CSPs. Most of these schemes rely on a trusted third party known as Registration Authority Center (RAC), which is a centralized entity to manage the identity information of all the mobile users registered with it. The centralized RAC has two operational problems, i.e., RAC has full control over the data it possesses, resulting in the possibility of the data breach and increased risk of single-point-of-failure. In this paper, we propose a blockchain based privacy preserving user authentication protocol for distributed mobile cloud environment, which solves these two traditional problems with centralized registration centers. In proposed protocol, the registration of MU and CSP are performed through public blockchain network for MU to access CSPs and the authentication was performed between MU and CSP through public blockchain. The public blockchain network stores MU and CSPs identity information. Public blockchain network provides integrity to the data stored in it and secures the system from single-point-of-failure. In addition, security analysis and performance analysis were also performed for proposed protocol and it showed that the proposed protocol is secure from all-known attacks with better performance efficiency. [ABSTRACT FROM AUTHOR]

Published

2021