Your search keyword '"Access control"' showing total 48,632 results

1. Age Verification Systems Will Be a Personal Identifiable Information Nightmare.

Author

Scheffler, Sarah

Subjects

*AGE verification systems, *ELECTRONIC authentication, *ACCESS control, *INTERNET privacy, *INTERNET privacy laws, *PERSONALLY identifiable information, *RIGHT of privacy, *INTERNET & children

Abstract

The article focuses on how online age verification systems will be a problem for internet privacy. The author discusses new laws that attempt to improve online child safety with an age verification system, the lawsuits that have challenged these laws in Arkansas, Texas, California, Louisiana, and Utah, and how the laws go beyond checking ID, but collecting personally identifiable information (PII).

Published

2024

2. Guide to Attribute Based Access Control (ABAC) definition and considerations

Author

Hu, V. C.

Subjects

Access control, Access control mechanism, Access control model, Access control policy, Attribute based access control (ABAC), Authorization, Privilege

Abstract

Abstract: This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.

Published

2014

3. Smart Environments: Information Flow Control in Smart Grids

Author

Anagnostopoulou, Argiro, Gritzalis, Dimitris, Mavridis, Ioannis, Kantas, Panagiotis, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Pitropakis, Nikolaos, editor, and Katsikas, Sokratis, editor

Published

2025

4. Controlled Multi-client Functional Encryption for Flexible Access Control

Author

Zhang, Mingwu, Zhong, Yulu, Wang, Yifei, Wang, Yuntao, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Xia, Zhe, editor, and Chen, Jiageng, editor

Published

2025

5. POP-HIT: Partially Order-Preserving Hash-Induced Transformation for Privacy Protection in Face Recognition Access Control

Author

Dubasi, Yatish, Li, Qinghua, Luu, Khoa, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duan, Haixin, editor, Debbabi, Mourad, editor, de Carné de Carnavalet, Xavier, editor, Luo, Xiapu, editor, Du, Xiaojiang, editor, and Au, Man Ho Allen, editor

Published

2025

6. Enhancing Cross-Device Security with Fine-Grained Permission Control

Author

Hu, Han, Wang, Daibin, Hong, Tailiang, Zhang, Sheng, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duan, Haixin, editor, Debbabi, Mourad, editor, de Carné de Carnavalet, Xavier, editor, Luo, Xiapu, editor, Du, Xiaojiang, editor, and Au, Man Ho Allen, editor

Published

2025

7. Information Security and Cloud Computing

Author

Gupta, Pramod, Sehgal, Naresh Kumar, Acken, John M., Gupta, Pramod, Sehgal, Naresh Kumar, and Acken, John M.

Published

2025

8. An efficient texture descriptor based on local patterns and particle swarm optimization algorithm for face recognition.

Author

Fadaei, Sadegh, Dehghani, Abbas, RahimiZadeh, Keyvan, and Beheshti, Amin

Subjects

*PARTICLE swarm optimization, *HUMAN facial recognition software, *FEATURE extraction, *RECEIVER operating characteristic curves, *ACCESS control

Abstract

Face recognition is used in many applications such as access control, automobile security, criminal identification, immigration, healthcare, cyber security, and so on. Each person has his/her own unique face, so the face can help distinguish people from each other. Feature extraction process plays a fundamental role in accuracy of face recognition, and many algorithms have been presented to extract more informative features from the face image. In this paper, an efficient texture descriptor is proposed based on local information of the face image. In the proposed method, at first, face image is split into several sub-images in such a way that each sub-image includes one of the facial parts such as eyes, nose, and lips. Second, texture features are extracted from each sub-image using a new local pattern descriptor, and then features of sub-images are concatenated to construct feature vector. Finally, the face image is compared to images in a dataset based on a similarity measure. In addition, particle swarm optimization algorithm is used to assign weight to the features of different parts of the face image. To evaluate the proposed algorithm, four face datasets, Yale, ORL, GT and KDEF, are used. Implementation results show that the proposed method outperforms recent methods in terms of accuracy, receiver operating characteristic (ROC) curve, and area under ROC curve. [ABSTRACT FROM AUTHOR]

Published

2024

9. Integrating Fuzzy Graph Theory into Cryptography: A Survey of Techniques and Security Applications.

Author

Singh, Rashmi, Khalid, Saifullah, Nishad, D. K., and Ruchira

Abstract

Since the advent of networked systems, fuzzy graph theory has surfaced as a fertile paradigm for handling uncertainties and ambiguities. Among the different modes of handling challenges created by the uncertainties and ambiguities of current networked systems, integrating fuzzy graph theory with cryptography has emerged as the most promising approach. In this regard, this review paper elaborates on potentially studying fuzzy graph-based cryptographic techniques, application perspectives, and future research directions. Since the expressive power of fuzzy graphs allows the cryptographic schemes to handle imprecise information and to enhance security in many domains, several domains have benefited, such as image encryption, key management, and attribute-based encryption. The paper analyzes in depth the research landscape, mainly by focusing on the varied techniques used, such as fuzzy logic for key generation and fuzzy attribute representation for access control policies. A comparison with performance metrics unveils the trade-offs and advantages of different fuzzy graph-based approaches in efficiency, security strength, and computational overhead. Additionally, the survey explores the security applications of fuzzy graph-based cryptography and underpins potential development for secure communication in wireless sensor networks, privacy-preserving data mining, fine-grained access control in cloud computing, and blockchain security. Some challenges and research directions, such as the standardization of fuzzy logic operators, algorithmic optimization, integration with emerging technologies, and exploitation of post-quantum cryptography applications, are also brought out. This review will thus bring insight into this interdisciplinary domain and stimulate further research for the design of more robust, adaptive, and secure cryptographic systems in the wake of rising complexities and uncertainties. [ABSTRACT FROM AUTHOR]

Published

2024

10. Business process discovery as a service with event log privacy and access control over discovered models.

Author

de la Fuente-Anaya, Hector A., Marin-Castro, Heidy M., Morales-Sandoval, Miguel, and Garcia-Hernandez, Jose Juan

Subjects

*DATA protection laws, *PROCESS mining, *DATA logging, *SOFTWARE development tools, *INFORMATION storage & retrieval systems, *ACCESS control

Abstract

The information systems supporting business processes of organizations generate and collect a large number of records in event logs that are exploitable in process mining tasks (discovery, conformance and enhancement). Under a Big Data scenario, Process Mining as a Service (PMaaS) can be attractive for organizations to outsource the storage of event logs and the processing resources for process mining tasks to the cloud in the presence of large event logs. However, the Cloud Service Provider (CSP) may be honest but curious, thus posing security and privacy risks when event log data are sensitive or subject to data privacy laws and regulations. In this work, a cryptography-based method is presented that preserves the privacy of event log data outsourced to an untrusted CSP, which executes the process discovery task, the most common task in process mining. The method conveniently encrypts the event log on the data owner's side to enable the CSP to apply access control over the discovered models (encrypted) through proxy re-encryption. The proposed method is implemented as a software tool and validated and evaluated in terms of performance, scalability, and data utility using real medical (sensitive) data logs under recommended security levels. The results demonstrate the feasibility of the proposed approach to support Process Discovery as a Service (PDaaS), which enables privacy preservation and access control. [ABSTRACT FROM AUTHOR]

Published

2024

11. Harnessing the amber waves: U.S. grain embargoes against the Soviet Union and the politics of insecurity, 1975–1980.

Author

Evans, David L.

Subjects

*ECONOMIC sanctions, *INTERNATIONAL relations, *EMBARGO, *POWER resources, *ACCESS control

Abstract

This article examines two grain embargoes the United States implemented against the Soviet Union in 1975 and 1980. Following the economic and political disruptions of the 1970s, and the insecurity these events created for the country, US leaders envisioned grain as a resource power. By controlling access to these commodities, the United States could influence the behaviour of other countries and help restore confidence in its foreign policy. Both embargoes failed to achieve these goals and instead demonstrated the limits of economic coercion in a market system and how domestic politics could impact diplomacy through the reaction of US farmers. [ABSTRACT FROM AUTHOR]

Published

2024

12. Video security in logistics monitoring systems: a blockchain based secure storage and access control scheme.

Author

Chen, Zigang, Liu, Fan, Li, Danlong, Liu, Yuhong, Yang, Xingchun, and Zhu, Haihua

Subjects

*FORENSIC sciences, *DATA security failures, *DATA warehousing, *STORAGE facilities, *DATA transmission systems, *VIDEO surveillance, *ACCESS control

Abstract

With the rapid development of the logistics industry and the continuous growth of e-commerce, effectively monitoring logistics warehouses has become increasingly important to ensure the security of goods and oversee activities within storage facilities. Although current surveillance systems provide a certain level of security for logistics warehouses, they still face issues such as data tampering, storage, and access management. These challenges can compromise the integrity of surveillance video data, making the system vulnerable to unauthorized access. To address these challenges, this paper proposes the implementation of blockchain-based security management and access control of video data in logistics warehouses. Specifically, the solution employs the Hyperledger Fabric consortium blockchain to execute smart contracts and store the hash values of video data, thereby detecting any tampering and enhancing the security and integrity of the data. Additionally, hybrid encryption technology is utilized to ensure the confidentiality of video data during transmission and storage. Furthermore, the solution leverages the InterPlanetary File System (IPFS) for distributed video storage. This not only increases the redundancy and accessibility of data storage but also reduces the risk of single-point failures. A Role-Based Access Control (RBAC) mechanism is also introduced to strictly manage access permissions to video data, ensuring that only authorized users can access the data, thereby effectively preventing unauthorized access and data breaches. Through a comprehensive analysis of computational and communication costs and the evaluation of blockchain performance at 100 transactions per second for different transaction volumes using Hyperledger Caliper, the results demonstrate the effectiveness and efficiency of the proposed method. Compared to current research, this solution exhibits higher security, providing a new approach for the secure management and access control of video data in logistics warehouses. [ABSTRACT FROM AUTHOR]

Published

2024

13. A smart contract-driven access control scheme with integrity checking for electronic health records.

Author

Li, Hongzhi, Li, Dun, and Liang, Wei

Subjects

*ELECTRONIC health records, *MEDICAL records, *ACCESS control

Abstract

The application of healthcare systems has led to an explosive growth in personal electronic health records (EHRs). These EHRs are generated from different healthcare institutions and stored in cloud data centers, respectively. However, data owners lose the authority to control and track their private and sensitive EHRs. In fact, data owners cannot establish rules for EHRs exchanging and sharing, nor can they verify the integrity of EHRs stored in semi-trusted clouds. Hence, an individual-centric access control framework is required to realize data access control. In this study, we construct a data access control framework, which integrates decentralized smart contracts and role-based access control (RBAC) to provide fine-grained data access control services. The key ideas of this schme includes: (1) a fine-grained access control framework for EHRs is proposed to achieve trusted access control; (2) a personalized policies definition mechanism is adopted to achieve patient-centric data access control; (3) a integrity checking mechanism for the shared EHRs is implemented to ensure the availability of medical records. Finally, we analyze the security properties of this scheme and develop a prototype system to evaluate its performance. Both theoretical analysis and experiment results demonstrate that this scheme can provide fine-grained access control and efficient integrity checking services for EHRs. [ABSTRACT FROM AUTHOR]

Published

2024

14. Fully outsourced and fully verifiable attribute-based encryption for cloud data sharing.

Author

Zhao, Xiaolong and Huang, Zhenjie

Subjects

*DATA encryption, *ACCESS control, *INFORMATION sharing, *COST

Abstract

Verifiable outsourced attribute-based encryption (VO-ABE) enables one-to-many data sharing and fine-grained access control under lower trust, making it suitable for cloud or edge systems involving resource-constrained devices. There is no fully outsourced and fully verifiable attribute-based encryption scheme or key-policy VO-ABE scheme. Moreover, the previous VO-ABE schemes require multiple rounds of interaction or high verification costs to support verifiable outsourced key generation and verifiable outsourced encryption. To address these issues, in this paper, we propose an effective key-policy fully outsourced and fully verifiable attribute-based encryption scheme supporting verifiable outsourced key generation, encryption, and decryption simultaneously. We formally define two new properties: outsourced key generation verifiability and outsourced encryption verifiability. Analysis and simulation show that the proposed scheme performs well and is practical. All local computational overheads of the proposed scheme are constant and do not increase with the number of attributes or the complexity of access structures. [ABSTRACT FROM AUTHOR]

Published

2024

15. Specifying and Verifying Information Flow Control in SELinux Configurations.

Author

Ceragioli, Lorenzo, Galletta, Letterio, Degano, Pierpaolo, and Basin, David

Subjects

ACCESS control, SEMANTICS, INFORMATION resources management, LANGUAGE policy, INFORMATION policy

Abstract

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing Mandatory Access Control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. However, its application is challenging as SELinux security policies are difficult to write, understand, and maintain. Recently, the intermediate language CIL was introduced to foster the development of high-level policy languages and to write structured configurations. Despite CIL's high level features, CIL configurations are hard to understand as different constructs interact in non-trivial ways. Moreover, there is no mechanism to ensure that a given configuration obeys desired information flow policies. To remedy this, we enrich CIL with a formal semantics, and we propose IFCIL, a backward compatible extension of CIL for specifying fine-grained information flow requirements. Using IFCIL, administrators can express confidentiality, integrity, and non-interference properties. We also provide a tool to statically verify these requirements and we experimentally assess it on ten real-world policies. [ABSTRACT FROM AUTHOR]

Published

2024

16. B-ERAC: BLOCKCHAIN-ENABLED ROLE-BASED ACCESS CONTROL FOR SECURE IOT DEVICE COMMUNICATION.

Author

KHAN, NEELAM SALEEM, MIR, ROOHIE NAAZ, CHISHTI, MOHAMMAD AHSAN, and SALEEM, MAHREEN

Subjects

ELLIPTIC curve cryptography, ACCESS control, ENCRYPTION protocols, DATA integrity, INTERNET of things

Abstract

Security risks are increasingly concerning as the Internet of Things (IoT) expands. Authentication, access control, and authorization present significant challenges for resource-constrained IoT devices. Traditional authentication methods often require enhancements for these devices, but Blockchain technology presents a potential solution. Decentralized and distributed, Blockchain eliminates a single point of failure and relies on Elliptic Curve Cryptography (ECC) for robust security. We have introduced a cutting-edge solution to fortify communication security within IoT devices across supply chain ecosystems. By harnessing the power of Blockchain technology, our framework incorporates smart contracts, adheres to ES256 encryption standards, and seamlessly integrates with Infura API. These components establish stringent access controls, ensure data integrity, and enhance transparency throughout supply chain processes. The framework's robust architecture facilitates swift and secure transactions, bolsters traceability efforts, and effectively mitigates potential security risks. With its scalable design and reliable functionality, this framework emerges as a pivotal asset for optimizing IoT device communication within dynamic supply chain environments. The use of ProVerif in our analysis provides a formal guarantee of the correctness of our access control mechanisms. [ABSTRACT FROM AUTHOR]

Published

2024

17. A DYNAMIC SANDBOX DETECTION TECHNIQUE IN A PRIVATE CLOUD ENVIRONMENT.

Author

ZHANGWEI YANG and JUNYU XIAO

Subjects

KNOWLEDGE graphs, MALWARE, DATA security, TRUST, ACCESS control

Abstract

In specific private cloud scenarios, how to defend against malicious software and ensure data security is one of the current research hotspots, and sandbox is an important detection method. This paper proposes a dynamic behavior detection technique based on sandboxing, which real-time monitors and analyzes malicious software behavior. By improving the sandbox behavior weight, integrating virtual resources, and designing fine-grained access control, the detection accuracy and efficiency are enhanced based on zero trust access control system. The simulated attacks are identified on the testing platform, drawing knowledge graphs, achieving effective discovery and tracing. Meanwhile, this paper verified through experiments that the system consumption of the detection method is within an acceptable range, expanding the detection range and reducing the missed detection rate. [ABSTRACT FROM AUTHOR]

Published

2024

18. REVOLUTIONIZING CLOUD SECURITY: A NOVEL FRAMEWORK FOR ENHANCED DATA PROTECTION IN TRANSMISSION AND MIGRATION.

Author

DASARI, RAKESH NAG and BABU, G. RAMA MOHAN

Subjects

CLOUD computing security measures, DATA security, DATA protection, DATA transmission systems, DATA encryption, ACCESS control

Abstract

This research introduces a novel security framework specifically tailored to enhance data protection during cloud transmission and migration. Our study addresses critical gaps in existing security models by proposing a multi-dimensional system that incorporates advanced encryption techniques, dynamic access control, and continuous security auditing. Notably, this framework excels in ensuring cloud data integrity, confidentiality, and availability--core aspects often compromised under conventional methods. Comparative analysis with existing models in simulated cloud environments reveals that our framework significantly enhances threat detection accuracy, response speed, and resource management efficiency. The findings highlight the system's capability to reduce security vulnerabilities while optimizing operational overhead, presenting a substantial improvement over traditional security solutions. This innovative approach, marked by improved scalability and flexibility, is poised to revolutionize cloud data security practices across various industries, prompting further research into robust cloud computing security methodologies. [ABSTRACT FROM AUTHOR]

Published

2024

19. An optimized dynamic attribute-based searchable encryption scheme.

Author

Khan, Shahzad, Khan, Shawal, Waheed, Abdul, Mehmood, Gulzar, Zareei, Mahdi, and Alanazi, Faisal

Subjects

*KEYWORD searching, *ACCESS control, *TRUST, *INTERPOLATION, *POPULARITY, *SERVER farms (Computer network management)

Abstract

Cloud computing liberates enterprises and organizations from expensive data centers and complex IT infrastructures by offering the on-demand availability of vast storage and computing power over the internet. Among the many service models in practice, the public cloud for its operation cost saving, flexibility, and better customer support popularity in individuals and organizations. Nonetheless, this shift in the trusted domain from the concerned users to the third-party service providers pops up many privacy and security concerns. These concerns hindrance the wide adaptation for many of its potential applications. Furthermore, classical encryption techniques render the encrypted data useless for many of its valuable operations. The combined concept of attribute-based encryption (ABE) and searchable encryption (SE), commonly known as attribute-based keyword searching (ABKS), emerges as a promising technology for these concerns. However, most of the contemporary ABE-based keyword searching schemes incorporate costly pairing and computationally heavy secret sharing mechanisms for its realization. Our proposed scheme avoids the expensive bilinear pairing operation during the searching operation and costly Lagrange interpolation for secret reconstruction. Besides, our proposed scheme enables the updation of access control policy without entirely re-encrypting the ciphertext. The security of our scheme in the selective-set model is proved under the Decisional Bilinear Diffie-Hellmen (DBDH) assumption and collision-free. Finally, the experimental results and performance evaluation demonstrate its communication and overall efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

20. Nonmedical cannabis legalization policy in Canada: Has commercialization been a pivotal mistake for public health?

Author

Fischer, Benedikt, Hall, Wayne, Jutras‐Aswad, Didier, and Myran, Daniel

Subjects

*LEGALIZATION, *MARIJUANA industry, *ACCESS control, *PUBLIC spending, *HEALTH status indicators

Abstract

Canada implemented the legalization of nonmedical cannabis use and supply in 2018. Initial blueprints for the legalization policy framework emphasized public health protection as a priority principle and objective, including related policy design parameters and regulatory restrictions (e.g., strict access and distribution control, advertisement/promotion ban, etc.) also as informed by adverse experiences from alcohol/tobacco control. Conversely, Canada's present legalization ecology is characterized by increasingly far‐reaching commercialization; this includes an extensive for‐profit cannabis production and retail industry producing large sales volumes that centrally include high‐risk cannabis products, with many public health‐oriented provisions hollowed out or circumvented in practice. While key cannabis‐related health problem indicators have increased through legalization, mounting evidence suggests that these adverse outcome dynamics, to a crucial extent, have been accelerated by commercialization aspects of legalization. Meanwhile, since legalization the cannabis industry has pushed for further rollbacks of public health‐oriented restrictions for benefits of increased competitiveness. Using the Canadian case study, we focus on the possible pitfalls and adverse effects of commercialization dynamics for public health‐oriented cannabis legalization. Also since commercialization‐related developments and outcomes are hard to reverse, we urge jurisdictions planning cannabis legalization reforms to carefully take consider related evidence and dynamics when assembling their legalization policy frameworks. [ABSTRACT FROM AUTHOR]

Published

2024

21. IPv6 addressing strategy with improved secure duplicate address detection to overcome denial of service and reconnaissance attacks.

Author

Kumar, Gyanendra, Gankotiya, Anil, Rawat, Sur Singh, Balusamy, Balamurugan, and Selvarajan, Shitharth

Subjects

*DENIAL of service attacks, *ACCESS control, *ENERGY consumption, *RANDOM numbers, *RECONNAISSANCE operations, *INTERNET protocol version 6

Abstract

With technology development, the growing self-communicating devices in IoT networks require specific naming and identification, mainly provided by IPv6 addresses. The IPv6 address in the IoT network is generated by using the stateless auto address configuration (SLAAC) mechanism, and its uniqueness is ensured by the DAD protocol. Recent research suggests that IPv6 deployment can be a risky decision due to the existing SLAAC-based addressing scheme and the DAD protocol being prone to reconnaissance and denial of service (DoS) attacks. This research paper proposes a new IPv6 generation scheme with an improved secure DAD mechanism to address these problems. The proposed addressing scheme generates IPv6 addresses by taking a hybrid approach based on vendor id of medium access control (MAC) address, physical location, and arbitrary random numbers, which mitigates reconnaissance attacks by malicious nodes. To prevent the DAD process from DoS attacks, hybrid values of interface identifier (IID) are multicast instead of actual values. The proposed scheme is evaluated under reconnaissance and DoS attacks in the presence of malicious nodes. The evaluation results demonstrate that the proposed method effectively mitigates reconnaissance and DoS attacks, outperforming the EUI-64 and SEUI-64 schemes in terms of address success rate (ASR), energy consumption, and communication overhead. Specifically, the proposed method significantly reduces the average probing rate for scanning the existence of an IPv6 address, with only a 1% probing rate compared to SEUI-64's 5% and EUI-64's 100%. Furthermore, the additional communication overhead introduced by the proposed method is less than 13% and 11% compared to EUI-64 and SEUI-64, respectively. Additionally, the energy consumption required to assign an IPv6 address using the proposed method is lower by 12% and 5% when compared to EUI-64 and SEUI-64, respectively. These findings highlight the effectiveness of the proposed method in enhancing security and optimizing resource utilization in IPv6 addressing. [ABSTRACT FROM AUTHOR]

Published

2024

22. A Fair MAC Protocol Based on Dual Bandwidth Allocation Iterations in Underwater Acoustic Sensor Networks.

Author

Feng, Libin, Liu, Jingke, Chen, Yanxia, and Yao, Jiangyuan

Subjects

*DATA packeting, *ACCESS control, *BANDWIDTH allocation, *BANDWIDTHS, *FAIRNESS, *SCHEDULING

Abstract

ABSTRACT Most existing passive allocation‐based media access control (MAC) protocols for underwater acoustic sensor networks (UASNs) overlook the fairness issue in channel bandwidth allocation, resulting in certain nodes occupying channel resources for extended periods, thereby leading to low channel utilization. To address this issue, this paper proposes a fair MAC protocol based on dual bandwidth allocation iterations (FBA‐MAC). Firstly, by limiting the maximum number of packets and the maximum number of available time slots that the host node can receive in each communication cycle, the protocol reduces collisions and collisions more effectively, thus controlling the communication delay. Secondly, in the process of channel bandwidth allocation, a dual bandwidth allocation iterative method was used to allocate appropriate channel bandwidth for each member node according to its communication requirements and the generation time of its generated data packets. Finally, in order to minimize the time interval of each packet arriving at the host node to reduce the communication delay, the transmission scheduling scheme was adaptively adjusted by combining the results of channel bandwidth allocation to maximize the channel utilization. Simulation results indicate that compared to the other four MAC protocols, FBA‐MAC demonstrates significant advantages in terms of fairness (10% higher), achieving higher network throughput (10% higher) and shorter end‐to‐end delay. Therefore, FBA‐MAC exhibits superior adaptability and efficiency in dynamic network environments. [ABSTRACT FROM AUTHOR]

Published

2024

23. Key-homomorphic and revocable ciphertext-policy attribute based key encapsulation mechanism for multimedia applications.

Author

Belel, Anushree, Dutta, Ratna, and Mukhopadhyay, Sourav

Subjects

DATA privacy, MULTIMEDIA communications, DATA security, SOCIAL networks, SOCIAL services, ACCESS control

Abstract

With the advancement of technology, Multimedia Social Networks (MSN) have become one of the most promising platforms for managing and sharing multimedia content. The user outsources sensitive content to the Multimedia Social Networks Service Provider (MSNSP). The MSNSP accumulates data in the network, and the user can process and share content like files, audios, and videos with other users through MSN such as YouTube, Vimeo, Flicker, Google Video, Cloud Drive, and so on. Despite receiving wide attention, two main drawbacks regarding MSN platforms are user privacy and data security. Ciphertext-policy attribute-based encryption (CP-ABE) is an appealing cryptographic primitive that plays the principal role for fine-grained access control on encrypted content, thus resolving security and privacy issues smoothly. Recently, there has been a trend to design ABE schemes incorporating a variety of additional properties. In this paper, we have assimilated revocability and key-homomorphic property in ciphertext-policy attribute-based key encapsulation mechanism (CP-ABKEM). Our designs are the first to achieve these additional two properties concurrently in an attribute-based setting. We have provided two instantiations of key-homomorphic revocableCP-ABKEM - one is selective secure against chosen-plaintext attack (CPA) in the standard model under the hardness of the q-decisional bilinear Diffie-Hellman exponent (q-DBDHE) problem, while the other achieves selective CPA security in the random oracle model under the hardness of the n-multilinear decisional Diffie-Hellman (n-MDDH) problem. Furthermore, our first scheme performs better than existing similar schemes in terms of communication overhead and master secret key size. As an advanced version of CP-ABKEM, our proposal is significant and may be utilized for various privacy-preserving protocols. [ABSTRACT FROM AUTHOR]

Published

2024

24. We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers.

Author

Vrhovec, Simon and Markelj, Blaž

Subjects

*INFORMATION technology security, *ACCESS control, *INTERNET security, *MULTI-factor authentication, *COMPUTER software management, *BOTNETS

Abstract

Cyberattacks pose a significant business risk to organizations. Although there is ample literature focusing on why people pose a major risk to organizational cybersecurity and how to deal with it, there is surprisingly little we know about cyber and information security decision-makers who are essentially the people in charge of setting up and maintaining organizational cybersecurity. In this paper, we study cybersecurity awareness of cyber and information security decision-makers, and investigate factors associated with it. We conducted an online survey among Slovenian cyber and information security decision-makers (N = 283) to (1) determine whether their cybersecurity awareness is associated with adoption of antimalware solutions in their organizations, and (2) explore which organizational factors and personal characteristics are associated with their cybersecurity awareness. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles. They also provide insights into which threats (e.g., distributed denial-of-service (DDoS) attacks, botnets, industrial espionage, and phishing) and solutions (e.g., security operation center (SOC), advanced antimalware solutions with endpoint detection and response (EDR)/extended detection and response (XDR) capabilities, organizational critical infrastructure access control, centralized device management, multi-factor authentication, centralized management of software updates, and remote data deletion on lost or stolen devices) are cyber and information security decision-makers the least aware of. We uncovered that awareness of certain threats and solutions is positively associated with either adoption of advanced antimalware solutions with EDR/XDR capabilities or adoption of SOC. Additionally, we identified significant organizational factors (organizational role type) and personal characteristics (gender, age, experience with information security and experience with information technology (IT)) related to cybersecurity awareness of cyber and information security decision-makers. Organization size and formal education were not significant. These results offer insights that can be leveraged in targeted cybersecurity training tailored to the needs of groups of cyber and information security decision-makers based on these key factors. [ABSTRACT FROM AUTHOR]

Published

2024

25. Dynamic Twitter friend grouping based on similarity, interaction, and trust to account for ever‐evolving relationships.

Author

Shetty, Nisha P., Muniyal, Balachandra, Maben, Leander Melroy, Jayaraj, Rithika, and Saxena, Sameer

Subjects

*ONLINE social networks, *DATA privacy, *DIGITAL technology, *RELATIONSHIP status, *SOCIAL networks, *VIRTUAL communities

Abstract

Online social networks have become ubiquitous, allowing users to share opinions on various topics. However, oversharing can compromise privacy, leading to potential blackmail or fraud. Current platforms lack friend categorization based on trust levels. This study proposes simulating real‐world friendships by grouping users into three categories: acquaintances, friends, and close friends, based on trust and engagement. It also introduces a dynamic method to adjust relationship status over time, considering users' past and present offenses against peers. The proposed system automatically updates friend lists, eliminating manual grouping. It calculates relationship strength by considering all components of online social networks and trust variations caused by user attacks. This method can be integrated with clustering algorithms on popular platforms like Facebook, Twitter, and Instagram to enable constrained sharing. By implementing this system, users can better control their information sharing based on trust levels, reducing privacy risks. The dynamic nature of the relationship status adjustment ensures that the system remains relevant as user interactions evolve over time. This approach offers a more nuanced and secure social networking experience, reflecting real‐world relationship dynamics in the digital sphere. [ABSTRACT FROM AUTHOR]

Published

2024

26. An improved smart contract-based bring your own device (BYOD) security control framework.

Author

Almarhabi, Khalid A.

Subjects

ACCESS control, SECURITY systems, DATA security failures, BLOCKCHAINS, CONTRACTS

Abstract

The evolution of mobile technology has produced new methods and policies for organisations to process data and communicate. Bring your own device (BYOD), which allows employees to bring their own personal devices to work and access organisational resources for work purposes, is one such new policy. However, as this practice poses significant risks, organisations must implement commensurate security measures to protect their integrity. This paper aimed to mitigate these risks by proposing a decentralized and unassailable security control solution tailored to the BYOD environment. The proposed architecture leveraged business blockchain with smart contracts (SCs) to automate policy compliance and strictly adhere to organisational rules and regulations. The research demonstrated that this approach effectively reduces access control (AC) threats and enhances security policies and management. The findings highlighted that the implementation of SCs within a blockchain framework significantly improves the security of the BYOD environment by minimising the risks of unauthorised access, data breaches, and insider threats. Additionally, SCs enable organisations to establish decentralised and tamper-proof security control systems, reducing the dependence on centralised authorities and bolstering overall system integrity. [ABSTRACT FROM AUTHOR]

Published

2024

27. A New Hybrid MAC Protocol for UAV-based Data Gathering in Dense IoT Network Applications.

Author

Atmaca, Sedat

Subjects

WIRELESS sensor nodes, SENSOR networks, DRONE aircraft, ACCESS control, NETWORK performance

Abstract

The Internet of Things (IoT) is globally distributed network systems consisting of small low-cost physical sensor nodes that can sense their environment and communicate with other nodes and computers. They are particularly used for key solutions to monitoring systems such as healthcare monitoring, environmental monitoring, and remote patient monitoring and are also preferred for their vast benefits for precision agriculture, smart building, and smart home applications. Medium Access Control (MAC) schemes are vital part of IoT systems, as the network performance metrics such as throughput, end-to-end packet delay, and energy consumption mostly depend upon the MAC scheme utilized. In this paper, a new hybrid MAC protocol called as Low-Delay Hybrid Medium Access Control (LD-HMAC) for data-gathering purposes in high-density IoT networks is presented with its models and detailed performance evaluation. In the networking application area, an unmanned aerial vehicle is considered as an access point for arranging and scheduling channel access, whereas wireless sensor nodes (IoT nodes) are considered as data-gathering elements from a dense IoT networking environment. The proposed LD-HMAC combines the strengths of both TDMA and CSMA, targeting primarily dense IoT network applications. In the development stages, first the proposed LD-HMAC protocol is designed, modeled, and evaluated analytically by using Discrete-Time Markov Chain. Second, in order to validate the analytical results of the proposed model, a simulation model was developed by using the Riverbed network simulation tool. Finally, the performance results obtained are compared to those of the corresponding MDCA and CCS models referenced in Shrestha (IEEE Trans Wirel Commun 13: 4050–4065, 2014). With respect to the end-to-end delay, the proposed LD-HMAC achieves better results than those of the MDCA and CCS models for time-critical dense IoT network applications. [ABSTRACT FROM AUTHOR]

Published

2024

28. Value of Dual Arterial Access for Improved Angiographic Control for Double-Lumen Arterial Balloon Onyx Embolization of Multifeeder Complex Cranial Dural Arteriovenous Fistulas: A Technical Nuance.

Author

Jee, Elizabeth, Folse, Michael, Shah, Rahul, Lange, Lauren, Kandregula, Sandeep, Chokhawala, Himanshu, Guthikonda, Bharat, Cuellar, Hugo, and Savardekar, Amey

Subjects

*ARTERIOVENOUS fistula, *ANGIOGRAPHY, *ENDOVASCULAR surgery, *ACCESS control, *FISTULA

Abstract

Here we describe our experience managing intracranial dural arteriovenous fistulas (DAVFs) via endovascular embolization using a transarterial embolization (TAE) technique with liquid embolic agents. We illustrate the technical nuance of using dual arterial access for angiographic control runs in complex DAVFs supplied by multiple feeders from 2 distinct arterial systems. Retrospective analysis of intracranial DAVF embolization as a single treatment technique at our institution from 2013 to 2023. Twenty-three patients with intracranial DAVF who underwent endovascular treatment as their initial treatment were included. All embolizations were approached transarterially with Onyx (n = 19), n-butyl cyanoacrylate (n = 2), or a combination (n = 2). Twenty-two patients (96%) had angiographic evidence of complete fistula obliteration after initial embolization. Six DAVF TAEs were performed with dual arterial access for simultaneous embolic delivery and angiographic control intraoperatively. Two patients recanalized twice postprocedure, 1 of whom was found to have incidental new DAVF at follow-up. Median patient follow-up was 12 months (interquartile range, 6–36 months), with a median modified Rankin Scale score on discharge of 1 and a Glasgow Outcome Scale score at 3 months of 5. In this initial series of patients with DAVF managed by endovascular embolization, dual arterial access was feasible, safe, and effective in achieving fistula obliteration. Dual-arterial access conveniently provides simultaneous access for control angiography and embosylate delivery intraoperatively. [ABSTRACT FROM AUTHOR]

Published

2024

29. Attribute-Based Designated Combiner Transitive Signature Scheme.

Author

Hou, Shaonan, Yang, Shaojun, and Lin, Chengjun

Subjects

*ACCESS control, *POLICY discourse, *ALGORITHMS, *DEFINITIONS

Abstract

Transitive signatures allow any entity to obtain a valid signature of (i , k) by combining signatures of (i , j) and (j , k) . However, the traditional transitive signature scheme does not offer fine-grained control over the combiner. To address this issue, we propose a formal definition of the attribute-based designated combiner transitive signature (ABDCTS) and its security model, where only entities whose inherent attributes meet the access policy can combine signatures. By introducing the fine-grained access control structure, control over the combiner is achieved. To demonstrate the feasibility of our primitive, this paper presents the first attribute-based designated combiner transitive signature scheme. Under an adaptive chosen-message attack, we prove its security based on the one-more CDH problem and the co-CDH problem, and that its algorithms have robustness. [ABSTRACT FROM AUTHOR]

Published

2024

30. Analyzing supply chain technology trends through network analysis and clustering techniques: a patent-based study.

Author

Shokouhyar, Sajjad, Maghsoudi, Mehrdad, Khanizadeh, Shahrzad, and Jorfi, Saeid

Subjects

*SOCIAL network analysis, *TECHNOLOGICAL forecasting, *SUPPLY chains, *ACCESS control, *TEXT mining, *SUPPLY chain management, *INDUSTRIAL clusters

Abstract

The supply chain forms the backbone of the modern consumer economy, weaving an intricate network of stakeholders across geographical and socioeconomic divides. While new technologies have enhanced supply chain management, the market dynamism and network complexities continue to challenge decision-makers. This study employs social network analysis and text mining to unravel technological patterns within the patent landscape of supply chain management. The analysis draws on a dataset of over 32,000 supply chain patents from Lens.org spanning 2000–2022. Network analysis reveals cooperation patterns and key players, while text mining and clustering identify five technology clusters: secure access control, manufacturing, logistics, data management, and RFID. Technology life cycle analysis indicates that secure access control, data management, and RFID have reached maturity, while logistics is still growing and manufacturing faces saturation. The findings highlight that despite maturity, these technologies warrant continued investment to resolve persistent challenges. The technology trends and maturity insights uncovered can help enterprises make informed strategic decisions by aligning R&D initiatives with technology lifecycles. This pioneering study bridges innovation research and technology management, offering a nuanced understanding of supply chain technologies. The framework presented can be extended to analyze other domains, opening avenues for further research. Overall, this study decodes the patent landscape to decode the future. [ABSTRACT FROM AUTHOR]

Published

2024

31. Using the ACE framework to enforce access and usage control with notifications of revoked access rights.

Author

Rasori, Marco, Saracino, Andrea, Mori, Paolo, and Tiloca, Marco

Subjects

*INTERNET access control, *ACCESS control, *INTERNET of things, *REVOCATION

Abstract

The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and lets the Client accordingly access a protected resource it hosts. Access Tokens have a validity which is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which allows to notify Clients and Resource Servers about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked. [ABSTRACT FROM AUTHOR]

Published

2024

32. Efficient access control scheme for heterogeneous signcryption based on blockchain in VANETs.

Author

Khalafalla, Wael, Zhu, Wen-Xing, Elkhalil, Ahmed, and Elfadul, Issameldeen

Subjects

*ACCESS control, *ACCESS to information, *VEHICULAR ad hoc networks, *ENERGY consumption, *ROADSIDE improvement

Abstract

Access control refers to the mechanisms and policies determining which vehicles or entities can access certain network resources, services, or information. Nevertheless, the dynamic nature of a VANET, the necessity to support a wide range of services, and the importance of protecting users' personal information make access control a challenging issue in vehicle contexts. This study presents an efficient access control scheme based on a blockchain to enhance efficiency and security in heterogeneous signcryption (AC-HSC). Additionally, the AC-HSC protocol incorporates blockchain technology for revocation transparency, allowing roadside units to efficiently verify revoked pseudo-identities without relying on a central unit. The AC-HSC effectively fulfills various security criteria, including integrity, privacy preservation, authentication, traceability, unlinkability, non-repudiation, and resistance against replay attacks. Moreover, the formal analysis carried out in a random oracle model (ROM) proves that the proposed protocol is secure against indistinguishability under chosen-ciphertext attack (IND-CCA2) under the Computational Diffie-Hellman (CDH) assumption and existential unforgeability under chosen message attack (EUF-CMA) under the Discret-Logarithm (DL) assumption. In addition, the proposed protocol effectively addresses the issue of key escrow and successfully eliminates the challenges associated with certification management. Finally, the AC-HSC protocol implemented with a free pairing demonstrates reduced computational costs by 3.57%, 50%, 53.53%, 72.22%, 32.66%, 50.90%, 3.57%, and 57.14%, respectively, and the total energy consumption of the VANET nodes in our protocol reduced by about 4.16%, 45.03%, 50.04%, 68.37%, 31.52%, 49.67%, 4.16%, and 53.68%, respectively, as compared with the existing signcryption schemes. [ABSTRACT FROM AUTHOR]

Published

2024

33. Lightweight, verifiable and revocable EHRs sharing with fine-grained bilateral access control.

Author

Zhang, Kai, Chen, Tao, Chen, Siyuan, Wei, Lifei, and Ning, Jianting

Subjects

*ACCESS control, *CLOUD storage, *DATA warehousing, *INFORMATION sharing, *REVOCATION

Abstract

EHRs sharing systems provide a secure and efficient way for patients and doctors to share information in smart healthcare. Due to the concern about data confidentiality and authorized access, the exploitation of attribute-based encryption (ABE) is widely adopted for EHRs sharing in cloud storage. However, most ABE-based EHRs sharing system only considered unilateral access control or supported non-flexible bilateral access control. Hence, we propose a lightwight and flexible healthcare data sharing system, LiVeRe, which enables fine-grained bilateral access control and moreover supports efficient user revocation and ciphertext integrity verification for the access control property. Technically, we employ the dual-policy framework to specify the access policy and pre-decryption techniques to alleviate the computational burden, and efficient revocation of user access rights by the KUNode algorithm. We also provide formal security models and correspondingly prove its security. Moreover, we conduct experiments on the cloud to demonstrate the practicality of our LiVeRe scheme. [ABSTRACT FROM AUTHOR]

Published

2024

34. StreamFilter: a framework for distributed processing of range queries over streaming data with fine-grained access control.

Author

Safaee, Shahab, Mirabi, Meghdad, and Safaei, Ali Asghar

Subjects

*DISTRIBUTED computing, *DATA management, *DATA distribution, *ACCESS control, *INDEXING, *TREES

Abstract

Access control is a fundamental component of any data management system, ensuring the prevention of unauthorized data access. Within the realm of data streams, it plays a crucial role in query processing by facilitating authorized access to them. This paper introduces the StreamFilter framework, which focuses on securely processing queries with range filters over streaming data. Leveraging the Role-Based Access Control model, the StreamFilter framework enables the specification of fine-grained access policies at various levels of granularity, such as tuples and attributes, through the utilization of a bit string structure. To enhance the search operation during data stream query processing, the framework employs a distributed indexing method, constructing a set of smaller B + Tree indices rather than a single large B + Tree index. Furthermore, it seamlessly integrates access authorization evaluation with query processing, efficiently filtering unauthorized parts from the query results. The experimental results demonstrate an approximately 50% increase in efficiency for processing queries with range filters compared to the post-filtering strategy. This improvement is observed across all types of data distribution, including uniform, skew, and hyper skew. [ABSTRACT FROM AUTHOR]

Published

2024

35. Assessing women's empowerment, participation, and engagement in aquaculture in Bangladesh.

Author

Njogu, Lucy, Adam, Rahma, and Farnworth, Cathy Rozel

Subjects

*WOMEN'S empowerment, *FISH farming, *WOMEN'S programs, *ACCESS control, *GENDER inequality

Abstract

Women's empowerment and gender equality are key goals for development and human rights. However, a significant gap still exists in achieving these twin goals. Formulating appropriate strategies for women's empowerment requires first understanding context-specific patterns and sources of disempowerment. We use data collected using a questionnaire survey from 1653 households in Rangpur and Rajshahi districts in Bangladesh. Guided by an analytic tool that measures women's empowerment, inclusion and agency (the project level Women's Empowerment in Fisheries and aquaculture Index (pro-WEFI)), and using seven empowerment indicators, we provide findings on the status of women's empowerment, participation, and engagement in aquaculture in Bangladesh. Results show that women were highly involved in making household decisions, mainly jointly with their husbands. However, data suggest a substantial gap in women's access to financial services, in participation in aquaculture activities, and in access to and control over productive capital and remuneration for aquaculture labor. Finally, despite some women achieving adequacy on some indicators, most women in fish farming households in Bangladesh lack adequacy on many of the selected indicators. [ABSTRACT FROM AUTHOR]

Published

2024

36. BIoT Smart Switch-Embedded System Based on STM32 and Modbus RTU—Concept, Theory of Operation and Implementation.

Author

Zagan, Ionel and Găitan, Vasile Gheorghiță

Subjects

SMART cities, INTERNET of things, ACCESS control, ELECTRIC power consumption, SMART homes

Abstract

Considering human influence and its negative impact on the environment, the world will have to transform the current energy system into a cleaner and more sustainable one. In residential as well as office buildings, there is a demand to minimize electricity consumption, improve the automation of electrical appliances and optimize electricity utilization. This paper describes the implementation of a smart switch with extended facilities compared to traditional switches, such as visual indication of evacuation routes in case of fire and acoustic alerts for emergencies. The proposed embedded system implements Modbus RTU serial communication to receive information from a fire alarm-control panel. An extension to the Modbus communication protocol, called Modbus Extended (ModbusE), is also proposed for smart switches and emergency switchboards. The embedded smart switch described in this paper as a scientific and practical contribution in this field, based on a performant microcontroller system, is integrated into the Building Internet of Things (BIoT) concept and uses the innovative ModbusE protocol. The proposed smart lighting system integrates building lighting access control for smart switches and sockets and can be extended to incorporate functionality for smart thermostats, access control and smart sensor-based information acquisition. [ABSTRACT FROM AUTHOR]

Published

2024

37. Measuring Enterprise Resource Planning (ERP) Software Risk Management for Digital SMEs.

Author

Prihandono, Dorojatun, Wijaya, Angga Pandu, Abiprayu, Kris Brantas, Prananta, Widya, and Widia, Syam

Subjects

INFORMATION technology, ENTERPRISE resource planning, ENCRYPTION protocols, DIGITAL transformation, SERVICE level agreements, SYSTEM downtime, ACCESS control

Abstract

The research aims to analyze risk management in the adoption of Enterprise Resource Planning (ERP). ERP currently widely used, however limited research focus on risk management adoption regarding technological and information system. Digital transformation encourages SMEs to adopt information technology to streamline business processes, especially ERP. Through a comprehensive investigation involving 85 SME owners, the study focuses on ERP risk management. The analysis is conducted by identifying, mapping, and assessing severity. Additionally, data is analyzed using a neural network to explain the satisfaction level of ERP adoption. The research identifies several key risk factors, including vendor stability, data security, system downtime, and inadequate support. Based on research result, risk management underscores the need for robust encryption protocols, access controls, and regular security audits to mitigate the risks of data breaches, unauthorized access, and the compromise of critical business data. The research is reliable in illustrating ERP adoption risks, with a 98.3% correct prediction rate. The novelty of this research lies in its identification and mapping of risk factors in ERP adoption for SMEs, serving as an alternative reference for determining information technology improvements. The research suggests prioritizing thorough due diligence when selecting an ERP vendor and establishing clear and comprehensive Service Level Agreements. [ABSTRACT FROM AUTHOR]

Published

2024

38. Comparative Assessment of Expected Safety Performance of Freeway Automated Vehicle Managed Lanes.

Author

Sarran, Jana McLean and Hassan, Yasser

Subjects

LANE changing, AUTONOMOUS vehicles, ACCESS control, TRAFFIC lanes, SAFETY, TRAFFIC safety

Abstract

The use of dedicated lanes, known as managed lanes (MLs), on freeways is an established traffic management strategy to reduce congestion. Allowing automated vehicles (AVs) in existing MLs or dedicating MLs for AVs, referred to as AVMLs, has been suggested in the literature as a tool to improve traffic operation and safety performance as AVs and driver-operated vehicles (DVs) coexist in a mixed-vehicle environment. This paper focuses on investigating the safety impacts of deploying AVMLs on freeways by repurposing general-purpose lanes (GPLs). Four ML strategies considering different lane positions and access controls were implemented in a traffic microsimulation under different AV market adoption rates (MARs) and traffic demand levels, and trajectories were used to extract rear-end and lane change conflicts. The time-to-collision (TTC) surrogate safety measure was used to identify critical conflicts using a time threshold dependent on the type of following vehicle. Rates of conflicts involving different vehicle types for all ML strategies were compared to the case of heterogeneous traffic. The results indicated that the rates of rear-end conflicts involving the same vehicle type as the lead and following vehicle, namely DV-DV and AV-AV conflicts, increased with ML implementation as more vehicles of the same type traveled in the same lane(s). By comparing the aggregated conflict rates, the design options that were deemed to negatively impact traffic efficiency and capacity were also found to negatively impact traffic safety. However, other ML options were found to be feasible in terms of traffic operation and safety performance, especially at traffic demand levels below capacity. Specifically, one left-side AVML with continuous access was found to have lower or comparable aggregated conflict rates compared to heterogenous traffic at 25% and 50% MARs, and, thus, it is expected to have positive or neutral safety impacts. [ABSTRACT FROM AUTHOR]

Published

2024

39. Voluntary self-exclusion from gambling: Expert opinions on gaps and needs for improvement.

Author

Kraus, Ludwig, Bickl, Andreas M., Hellman, Matilda, Kankainen, Veera E., Loy, Johanna K., Neyer, Marieke, Norman, Thomas, Rolando, Sara, Room, Robin, Rossow, Ingeborg, Volberg, Rachel, and Cisneros Örnberg, Jenny

Subjects

COMPULSIVE gambling, GAMBLING, GAMBLING industry, ACCESS control, GOVERNMENT agencies

Abstract

Aims: Voluntary self-exclusion (VSE) programmes are intended to minimise gambling-related harm. They are considered effective for the individual but several weaknesses have been reported that deter individuals from enrolment. The present paper summarises opinions about and experiences with VSE strategies and assesses gaps and needs with regard to the current self-exclusion regulations and programmes in seven jurisdictions. Methods: A total of 102 representatives from various sectors (research community; addiction help and care services; prevention; regulatory bodies; gambling providers) in Finland, Germany, Italy, Massachusetts (USA), Norway, Sweden, and Victoria (Australia) were surveyed about their experiences with and opinions about VSE strategies, as well as gaps and needs of the current VSE regulations in their jurisdiction. Results: The respondents agreed on the need for and importance of VSE programmes. However, in all participating jurisdictions, VSE regulations at the time of the survey were considered insufficient, and the respondents suggested potential improvements to facilitate the exclusion process, increase utilisation and reduce gamblers' breaching VSE. Representatives of the gambling industry also emphasised the individual's responsibility. Conclusions: Individuals with gambling disorder require effective VSE programmes to cope with their addictive behaviour. To effectively reduce breaches, technical and legal solutions are necessary. This includes access controls based on complete nationwide registries, strict enforcement and preventing excluded gamblers from accessing unlicensed online operators. [ABSTRACT FROM AUTHOR]

Published

2024

40. Intelligent and Secure Cloud–Edge Collaborative Industrial Information Encryption Strategy Based on Credibility Assessment.

Author

Tan, Aiping, Dong, Chenglong, Wang, Yan, Wang, Chang, and Xia, Changqing

Subjects

INFORMATION technology security, COMPUTER network traffic, CYBERTERRORISM, ACCESS control, SECURITY systems

Abstract

As industries develop and informatization accelerates, enterprise collaboration is increasing. However, current architectures face malicious attacks, data tampering, privacy issues, and security and efficiency problems in information exchange and enterprise credibility. Additionally, the complexity of cyber threats requires integrating intelligent security measures to proactively defend against sophisticated attacks. To address these challenges, this paper introduces an intelligent and secure cloud–edge collaborative industrial information encryption strategy based on credibility assessment. The proposed strategy incorporates adaptive encryption specifically designed for cloud–edge and edge–edge architectures and utilizes attribute encryption to control access to user-downloaded data, ensuring secure information exchange. A mechanism for assessing enterprise credibility over a defined period helps maintain a trusted collaborative environment, crucial for identifying and mitigating risks from potentially malicious or unreliable entities. Furthermore, integrating intelligent threat detection and response systems enhances overall security by continuously monitoring and analyzing network traffic for anomalies. Experimental analysis evaluates the security of communication paths and examines how enterprise integrity influences collaboration outcomes. Simulation results show that this approach enhances enterprise integrity, reduces losses caused by harmful actors, and promotes efficient collaboration without compromising security. This intelligent and secure strategy not only safeguards sensitive data but also ensures the resilience and trustworthiness of the collaborative network. [ABSTRACT FROM AUTHOR]

Published

2024

41. Adaptive MAC Scheme for Interference Management in Ad Hoc IoT Networks.

Author

Ali, Ehsan, Fazil, Adnan, Ryu, Jihyoung, Ashraf, Muhammad, and Zakwan, Muhammad

Subjects

CARRIER sense multiple access, RAYLEIGH fading channels, TECHNOLOGICAL innovations, ACCESS control, NETWORK performance

Abstract

The field of wireless communication has undergone revolutionary changes driven by technological advancements in recent years. Central to this evolution is wireless ad hoc networks, which are characterized by their decentralized nature and have introduced numerous possibilities and challenges for researchers. Moreover, most of the existing Internet of Things (IoT) networks are based on ad hoc networks. This study focuses on the exploration of interference management and Medium Access Control (MAC) schemes. Through statistical derivations and systematic simulations, we evaluate the efficacy of guard zone-based MAC protocols under Rayleigh fading channel conditions. By establishing a link between network parameters, interference patterns, and MAC effectiveness, this work contributes to optimizing network performance. A key aspect of this study is the investigation of optimal guard zone parameters, which are crucial for interference mitigation. The adaptive guard zone scheme demonstrates superior performance compared to the widely recognized Carrier Sense Multiple Access (CSMA) and the system-wide fixed guard zone protocol under fading channel conditions that mimic real-world scenarios. Additionally, simulations reveal the interactions between network variables such as node density, path loss exponent, outage probability, and spreading gain, providing insights into their impact on aggregated interference and guard zone effectiveness. [ABSTRACT FROM AUTHOR]

Published

2024

42. Reversible Data Hiding Algorithm in Encrypted Images Based on Adaptive Median Edge Detection and Ciphertext-Policy Attribute-Based Encryption.

Author

Zongbao Jiang, Minqing Zhang, Weina Dong, Chao Jiang, and Fuqiang Di

Subjects

REVERSIBLE data hiding (Computer science), DATA encryption, ACCESS control, ENTROPY (Information theory), ALGORITHMS, IMAGE encryption

Abstract

With the rapid advancement of cloud computing technology, reversible data hiding algorithms in encrypted images (RDH-EI) have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments. However, existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios. To address these challenges, this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection (AMED) and ciphertext-policy attribute-based encryption (CP-ABE). This proposed algorithm enhances the conventional median edge detection (MED) by incorporating dynamic variables to improve pixel prediction accuracy. The carrier image is subsequently reconstructed using the Huffman coding technique. Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights, with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme. Ultimately, the encrypted image is transmitted to the data hider, enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image. This approach allows only the receiver to extract the authorized group’s secret data, thereby enabling fine-grained, controlled access. Test results indicate that, in contrast to current algorithms, the method introduced here considerably improves the embedding rate while preserving lossless image recovery. Specifically, the average maximum embedding rates for the (3, 4)-threshold and (6, 6)-threshold schemes reach 5.7853 bits per pixel (bpp) and 7.7781 bpp, respectively, across the BOSSbase, BOW-2, and USD databases. Furthermore, the algorithm facilitates permission-granting and joint-decryption capabilities. Additionally, this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation, information entropy, and number of pixel change rate (NPCR), confirming its high level of security. Overall, the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data. [ABSTRACT FROM AUTHOR]

Published

2024

43. Access Control Models and Frameworks for the IoT Environment: Review, Challenges, and Future Direction.

Author

Mishra, Rajiv Kumar, Yadav, Rajesh K., and Nath, Prem

Subjects

INTERNET access control, ACCESS control, INTERNET privacy, SECURITY systems, INTERNET of things

Abstract

The rapid growth of the Internet of Things and the massive growth of sensitive data created by user equipment have headed to resilient demand for additional security and privacy measures. The data produced by the IoT devices are often sensitive & personal, which raises new concerns about security measurement. The development & adoption of IoT and the security aspects of the IoT are not going at the same pace. The future IoT architecture must emphasize enough security concerns and provides adequate measures to prevent devices/data from being accessed by unauthorized means. This work encompasses a comprehensive analysis of frameworks & models of access control for the IoT environment. In this review paper, the analysis of access control solutions is done in four parts: the first part compares various existing review articles with our work, the second part encompasses architecture-based access control mechanisms, the third part comprises access control models, and the fourth part contains few emergent solutions including blockchain-based solutions. Subsequently, prevalent solutions are mapped to vital requirements of the IoT environment. Eventually, security obligations for the IoT environment, probable challenges, and forthcoming research directions are highlighted. This research explores the growing literature on access control for IoT, emphasizing its security requirements. [ABSTRACT FROM AUTHOR]

Published

2024

44. Cross-Domain Bilateral Access Control on Blockchain-Cloud Based Data Trading System.

Author

Park, Youngho, Shin, Su Jin, and Shin, Sang Uk

Subjects

BLOCKCHAINS, CLOUD computing, POLICY discourse, INFORMATION sharing, MARKETPLACES, ACCESS control

Abstract

Data trading enables data owners and data requesters to sell and purchase data. With the emergence of blockchain technology, research on blockchain-based data trading systems is receiving a lot of attention. Particularly, to reduce the on-chain storage cost, a novel paradigm of blockchain and cloud fusion has been widely considered as a promising data trading platform. Moreover, the fact that data can be used for commercial purposes will encourage users and organizations from various fields to participate in the data marketplace. In the data marketplace, it is a challenge how to trade the data securely outsourced to the external cloud in a way that restricts access to the data only to authorized users across multiple domains. In this paper, we propose a cross-domain bilateral access control protocol for blockchain-cloud based data trading systems. We consider a system model that consists of domain authorities, data senders, data receivers, a blockchain layer, and a cloud provider. The proposed protocol enables access control and source identification of the outsourced data by leveraging identity-based cryptographic techniques. In the proposed protocol, the outsourced data of the sender is encrypted under the target receiver's identity, and the cloud provider performs policy-match verification on the authorization tags of the sender and receiver generated by the identity-based signature scheme. Therefore, data trading can be achieved only if the identities of the data sender and receiver simultaneously meet the policies specified by each other. To demonstrate efficiency, we evaluate the performance of the proposed protocol and compare it with existing studies. [ABSTRACT FROM AUTHOR]

Published

2024

45. Deploying artificial intelligence in services to AID vulnerable consumers.

Author

Hermann, Erik, Williams, Gizem Yalcin, and Puntoni, Stefano

Subjects

CONSUMER behavior, ARTIFICIAL intelligence, ACCESS control, CONSUMERS, INTELLIGENCE service

Abstract

Despite offering substantial opportunities to tailor services to consumers' wants and needs, artificial intelligence (AI) technologies often come with ethical and operational challenges. One salient instance of such challenges emerges when vulnerable consumers, consumers who temporarily or permanently lack resource access or control, are unknowingly discriminated against, or excluded from the marketplace. By integrating the literature on consumer vulnerability, AI for social good, and the calls for rethinking marketing for a better world, the current work builds a framework on how to leverage AI technologies to detect, better serve, and empower vulnerable consumers. Specifically, our AID framework advocates for designing AI technologies that make services more accessible, optimize customer experiences and journeys interactively, and to dynamically improve consumer decision-making. Adopting a multi-stakeholder perspective, we also discuss the respective implications for researchers, managers, consumers, and public policy makers. [ABSTRACT FROM AUTHOR]

Published

2024

46. Contextual attribute‐based access control scheme for cloud storage using blockchain technology.

Author

Panda, Suryakanta, Sahoo, Swagatika, Halder, Raju, and Mondal, Samrat

Subjects

CLOUD storage, BLOCKCHAINS, ACCESS control, INFORMATION policy, ACCESS to information

Abstract

Access control of data that are outsourced to cloud storage is a challenging problem because data owners lose direct control over outsourced data. Attribute‐based encryption (ABE) is a potential cryptographic solution to provide confidentiality and flexible sharing of these outsourced data. However, the traditional ABE schemes do not meet the need of the current dynamic environment where data access not only considers the user's static and inherent attributes but also takes the user's contextual information such as location and time of access. This paper presents an improved ABE scheme using blockchain technology that can handle the frequently changing location and time attributes of data users efficiently, leading to support for fine‐grained access control of cloud storage embedding contextual information in the access policy of ABE. A prototype implementation of the proposed ABE scheme using solidity on the Ethereum platform and the experimental evaluation in terms of performance and execution cost shows a promising result. [ABSTRACT FROM AUTHOR]

Published

2024

47. CLAACS‐IOD: Certificate‐embedded lightweight authentication and access control scheme for Internet of Drones.

Author

Sadhukhan, Dipanwita, Ray, Sangram, Dasgupta, Mou, and Rodrigues, Joel J. P. C.

Subjects

INTERNET access control, DIGITAL certificates, ACCESS control, DRONE aircraft, INTERNET

Abstract

In recent era, the unmanned aerial vehicles (UAVs) commonly known as drones has emerged as a one of the most significant and promising tools which has demonstrated its wide range of implementations variating from commercial domain to the field of defense due to its distinct capabilities such as inspection, surveillance, precision and so forth. Internet connected drones provides a propitious trend that boosts the flying safety, and service qualities of the UAVs where numerous low‐altitude drones winged in different flying regions for executing a precise task such as gathering the real‐time information from the unuttered environment to be interpretated by users. Nevertheless, the open‐access insecure communications in hostile environment, the issues like safety and confidentiality threats, various security concerns such as the leakage of flying courses, identities, position, and gathered data by the drones are upstretched. To address these security concerns, access control mechanism provides a potential service in terms of authentication and key agreement for securing the communication between the individual drones within their respective flying regions. This article introduces a robust, efficient, lightweight, and privacy preserving ECC integrated access control approach by employing digital certificate with considering the high dynamicity and mobility of the drones. The designing of this proposed approach, that is, CLAASC‐IoD is influenced by the aim of inter‐drone and drone‐to‐ground station communication in the IoD paradigm. The detailed analysis of security using probabilistic random oracle model as well as simulation using well‐accepted security verification tool AVISPA and comparative performance evaluation supports the claim of robustness, effectiveness, and proficiency. [ABSTRACT FROM AUTHOR]

Published

2024

48. Enhanced Visual Cryptographic Schemes with Essential Access Structures and Pixel-Wise Operations.

Author

Revathi, M., D., Devi, Menaha, R., Dineshkumar, R., and Mohan, S.

Subjects

VISUAL cryptography, INFORMATION technology security, ACCESS control, SIGNAL-to-noise ratio, DATA protection

Abstract

By splitting a picture into many parts, which, when reassembled, disclose the original image without requiring complicated math, visual cryptography is a strong method for protecting visual information. Problems with pixel enlargement, decreased picture quality, and restricted access structures are common with traditional visual cryptography techniques. Our proposed improved visual cryptography approach incorporates pixel-wise operations and critical access structures to solve these challenges and increase flexibility, picture quality, and security. To reconstruct a picture, our technique calls for building visual cryptographic shares based on critical access structures that specify the exact combinations of shares needed. In order to maintain the image's resolution and reduce pixel expansion, we use pixel-wise processes. By improving the peak signal-to-noise ratio (PSNR) by up to 20% compared to conventional approaches, experimental data show that our strategy greatly improves picture quality. In addition, the suggested approach guarantees that individual shares do not disclose any information on the original picture, thereby maintaining high security requirements. Finally, it is clear that the enhanced visual cryptographic system is well-suited for a wide range of uses in safe communications and data security due to its strong solution for secure picture sharing, increased picture quality, and adjustable access control. [ABSTRACT FROM AUTHOR]

Published

2024

49. Multi-Fusion Biometric Authentication using Minutiae-Driven Fixed-Size Template Matching (MFTM).

Author

Sathishkumar, B. R., Monica, K. M., Sasikala, D., and Sudha, M. N.

Subjects

BIOMETRIC identification, IRIS recognition, DIGITAL technology, ACCESS control, BIOMETRY

Abstract

In today's digital era, ensuring robust and secure authentication mechanisms is crucial. Multi-fusion biometric authentication systems have emerged as a powerful solution to enhance security and reliability by integrating multiple biometric traits. This paper presents a novel Multi-Fusion Biometric Authentication approach using Minutiae-Driven Fixed-Size Template Matching (MFTM). The proposed method leverages the unique features of minutiae points in fingerprints and combines them with other biometric modalities, such as iris and facial recognition, to create a fixed-size template for matching. The fusion process involves extracting and normalizing minutiae points from the fingerprint, followed by their integration with iris and facial features using a robust feature fusion algorithm. The fixed-size template ensures consistency and efficiency in the matching process, addressing challenges related to template size variability and computational overhead. Extensive experiments conducted on standard biometric datasets demonstrate that the proposed MFTM approach significantly enhances authentication accuracy, reduces false acceptance and rejection rates, and provides a highly secure and scalable authentication solution suitable for various applications, including access control and identity verification. The results show an authentication accuracy of 98.7%, a false acceptance rate (FAR) of 0.2%, and a false rejection rate (FRR) of 0.5%. Additionally, the computational time for matching is reduced by 25% compared to traditional methods, highlighting the efficiency and practicality of the proposed approach. [ABSTRACT FROM AUTHOR]

Published

2024

50. Modelling a Request and Response-Based Cryptographic Model For Executing Data Deduplication in the Cloud.

Author

Kumar, Doddi Suresh and Srinivasu, Nulaka

Subjects

DATA privacy, ELLIPTIC curve cryptography, INTERSTELLAR communication, ACCESS control, DATA warehousing, CLOUD storage

Abstract

Cloud storage is one of the most crucial components of cloud computing because it makes it simpler for users to share and manage their data on the cloud with authorized users. Secure deduplication has attracted much attention in cloud storage because it may remove redundancy from encrypted data to save storage space and communication overhead. Many current safe deduplication systems usually focus on accomplishing the following characteristics regarding security and privacy: Access control, tag consistency, data privacy and defence against various attacks. But as far as we know, none can simultaneously fulfil all four conditions. In this research, we offer a safe deduplication method that is effective and provides user-defined access control to address this flaw. Because it only allows the cloud service provider to grant data access on behalf of data owners, our proposed solution (Request-response-based Elliptic Curve Cryptography) may effectively delete duplicates without compromising the security and privacy of cloud users. A thorough security investigation reveals that our approved safe deduplication solution successfully thwarts brute-force attacks while dependably maintaining tag consistency and data confidentiality. Comprehensive simulations show that our solution surpasses the evaluation in computing, communication, storage overheads, and deduplication efficiency. [ABSTRACT FROM AUTHOR]

Published

2024