Your search keyword '"Computer security model"' showing total 12,677 results

1. Ambassy: A Runtime Framework to Delegate Trusted Applications in an ARM/FPGA Hybrid System

Author

Hyungon Moon, Yunheung Paek, Ji-Won Seo, Sanzhar Yeleuov, Dongil Hwang, and Minu Chung

Subjects

Security analysis, Delegate, Computer Networks and Communications, Computer science, business.industry, Mobile computing, Computer security model, Embedded system, Hybrid system, Component (UML), System on a chip, Electrical and Electronic Engineering, business, Field-programmable gate array, Software

Abstract

Many mobile systems run on ARM-based devices today. People use these for increasingly diverse yet security-sensitive applications. ARM has adopted a security model to tackle this threat, where they manage private information in an isolated trusted execution environment (TEE) provided by TrustZone. This TrustZone-based model has been proven effective, but due to security concerns, it is available solely for the vendors applications, thereby hindering the broad use of TrustZone. Consequently, we propose a runtime framework backed by TrustZone to construct a secondary TEE. AMBASSY has its residence built on an on-chip field-programmable gate array (FPGA), which is a standard component in an ARM/FPGA hybrid system readily available on the market today. This study, to the best of our knowledge, is the first attempt to broaden the use of TrustZone by using an FPGA to build a secondary TEE for arbitrary third-parties, which otherwise should be expelled to the Normal World. This paper describes many design challenges that we have overcome to fully implement AMBASSY on an FPGA. Our experiments demonstrate the practicality of AMBASSY by presenting the security analysis and performance results of third-party application samples. The samples all run safely on AMBASSY, with shorter execution time than regular TEE applications in TrustZone (by a factor of 5.552).

Published

2023

2. A Secure EMR Sharing System With Tamper Resistance and Expressive Access Control

Author

Guowen Xu, Yinghui Zhang, Jianting Ning, Yingjiu Li, Shengmin Xu, Robert H. Deng, and Xinyi Huang

Subjects

Scheme (programming language), Security analysis, business.industry, Computer science, Access control, Cloud computing, Computer security model, Encryption, Computer security, computer.software_genre, Cryptosystem, Electrical and Electronic Engineering, business, computer, Tamper resistance, computer.programming_language

Abstract

To reduce the cost of human and material resources and improve the collaborations among medical systems, research laboratories and insurance companies for healthcare researches and commercial activities, electronic medical records (EMRs) have been proposed to shift from paperwork to friendly shareable electronic records. To take advantage of EMRs efficiently and reduce the cost of local storage, EMRs are usually outsourced to the remote cloud for sharing medical data with authorized users. However, cloud service providers are untrustworthy. In this paper, we propose an efficient, secure, and flexible EMR sharing system by introducing a novel cryptosystem called dual-policy revocable attribute-based encryption and tamper resistance blockchain technology. Our proposed system enables EMRs to be shared at a fine-grained level and allows data users to detect any unauthorized manipulation. Moreover, the key generation center can revoke malicious users without affecting the honest users. We provide the formal security model as well as the concrete scheme with security analysis. The experimental simulation and experimental analysis of our proposed scheme demonstrate that our proposed system has superior performances to the most relevant solutions.

Published

2023

3. Autonomic computing system: Threats, security issues and an efficient approach for self protection

Author

Jasmine Marriappan, Neera Batra, Chitra, Vaibhav Jain, and Parveen Kumar Kaithal

Subjects

Risk analysis (engineering), SIMPLE (military communications protocol), Computer science, Self, Self protection, General Medicine, Computer security model, Autonomic computing

Abstract

Autonomic computing frameworks are the self overseeing frameworks as indicated by the objectives outlined by the administrator of the system. Incorporation of new elements in framework supported by Autonomic Computing happens as simple as in human body a new cell recreates itself. Autonomic Computing Systems (ACS) are relied upon to accomplish an indistinguishable level of self-direction and inescapability from human autonomic frameworks. Due to the highlights of ACS, the customary security model cannot be connected to ACS any more. The objective of our exploration is to build up a setting based security model and engineering for ACS. Our attention is on self-security highlight of ACS. The self- assurance include is implemented through security settings that we characterize. By considering security settings, security arrangements would dynamic is able to change so as to adapt to new condition.

Published

2023

4. A Cloud-Based Computing Framework for Artificial Intelligence Innovation in Support of Multidomain Operations

Author

Kelly Bennett, James Robertson, and John M. Fossaceca

Subjects

Computer science, business.industry, Strategy and Management, Deep learning, Cloud computing, Computer security model, Information assurance, computer.software_genre, Leverage (negotiation), Virtual machine, Key (cryptography), Artificial intelligence, Electrical and Electronic Engineering, business, computer, Agile software development

Abstract

The DoD’s artificial intelligence (AI) strategy requires the delivery of transformative and disruptive capabilities that impact the “character of the future battlefield and the pace of threats” that US forces must be prepared to handle. Candidate frameworks must also address key mission areas while enabling partnerships with the private sector, academia, and global allies. To meet these challenges, a flexible, cost-effective, and scalable computing infrastructure that incorporates cutting edge technologies and complies with stringent information assurance requirements is necessary. The DoD AI strategy mandates the agile employment of innovative AI capabilities that “rapidly and iteratively” execute experimentation with new operating concepts, and leverage lessons learned in subsequent experiments. Using cloud computing, we present a flexible approach to solve complex systems problems. Promoting “rapid experimentation” and collaboration on problems such as recursive algorithm implementation, deep learning, and inference in neural networks has enabled inherent advantages over existing computing frameworks. Leveraging the cloud to implement shared responsibility security models, serverless architectures, and high-performance virtual machines, aspects of the AI lifecycle including build, deploy, and monitor have resulted in an adaptable and scalable computing framework that is not only disruptive to the current computing paradigm but also promotes enhanced and productive collaboration.

Published

2022

5. Lightweight Public Key Authenticated Encryption With Keyword Search Against Adaptively-Chosen-Targets Adversaries for Mobile Devices

Author

Jiguo Li and Yang Lu

Subjects

Authenticated encryption, Computer Networks and Communications, business.industry, Computer science, Mobile computing, Computer security model, Computer security, computer.software_genre, Encryption, law.invention, Public-key cryptography, law, Electrical and Electronic Engineering, business, Cryptanalysis, Cloud storage, computer, Software, Adversary model

Abstract

Cloud storage services have grown extensively in recent years. For security and privacy purposes, sensitive data need to be outsourced to clouds in encrypted form. Searchable public key encryption (SPKE) enables data ciphertexts to be retrieved by keyword(s) without decryption. Unfortunately, most of the existing SPKE schemes cannot withstand the keyword guessing attack. To combat such attack, public key authenticated encryption with keyword search (PAEKS) was presented. However, the existing PAEKS schemes were proven secure under a designated-targets security model, in which an adversary only can attack a sender and a recipient designated by the challenger. Our cryptanalysis indicates that such a scheme may be insecure against the practical attacks where the adversaries choose their targets by themselves. To fight against adaptively-chosen-targets adversaries, we refine the adversary model for PAEKS by permitting the adversaries to choose their targets adaptively, and then formalize the security definitions under the improved security model. After that, we devise a lightweight PAEKS scheme that avoids the time-consuming bilinear pairing operations and give the security proofs. The comparisons show that it outperforms the existing bilinear pairing-based PAEKS schemes in both the computation and communication performance, and therefore is more suitable for the resource-constrained mobile devices.

Published

2022

6. SeUpdate: Secure Encrypted Data Update for Multi-User Environments

Author

Yuting Xiao, Jiabei Wang, Jianhao Li, Hui Ma, and Rui Zhang

Subjects

Scheme (programming language), Data processing, Computer science, business.industry, Access control, Computer security model, Permission, Multi-user, Encryption, Symmetric-key algorithm, Electrical and Electronic Engineering, business, computer, Computer network, computer.programming_language

Abstract

Searchable Symmetric Encryption (SSE) is a key tool for secure data processing. To date, most of the SSEs were studied alone, while an SSE supporting update operations over encrypted data remained a challenging problem due to various statistical attacks and multi-user environments. In this paper, we propose SeUpdate, the first SSE scheme that simultaneously achieves keyword search and controlled update over encrypted data, with flexible read (search) and write (update) access control policies among multiple users. In SeUpdate, users do not need to share secret keys and a single query enables one to efficiently search all his authorized data. We formally define a security model, and prove our scheme have both forward and backward security. We note that the write permission of an SSE is realized for the first time. We further extend the basic scheme with dynamic access policy update and support of a large number of files. We also implement SeUpdate and some related work. The theoretical and experimental analyses demonstrate our scheme and its extension are practical and efficient.

Published

2022

7. Revocable Attribute-Based Encryption With Data Integrity in Clouds

Author

Joonsang Baek, Liming Fang, Zhe Liu, Jinyue Xia, Willy Susilo, and Chunpeng Ge

Subjects

021110 strategic, defence & security studies, Revocation, business.industry, Computer science, 0211 other engineering and technologies, Plaintext, Cloud computing, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Encryption, Data integrity, Ciphertext, Attribute-based encryption, Electrical and Electronic Engineering, business, computer

Abstract

Cloud computing enables enterprises and individu-1 als to outsource and share their data. This way, cloud computing 2 eliminates the heavy workload of local information infrastruc-3 ture. Attribute-based encryption has become a promising solution 4 for encrypted data access control in clouds due to the ability 5 to achieve one-to-many encrypted data sharing. Revocation is a 6 critical requirement for encrypted data access control systems. 7 After outsourcing the encrypted attribute-based ciphertext to the 8 cloud, the data owner may want to revoke some recipients that 9 were authorized previously, which means that the outsourced 10 attribute-based ciphertext needs to be updated to a new one 11 that is under the revoked policy. The integrity issue arises when 12 the revocation is executed. When a new ciphertext with the 13 revoked access policy is generated by the cloud server, the data 14 recipient cannot be sure that the newly generated ciphertext 15 guarantees to be decrypted to the same plaintext as the originally 16 encrypted data, since the cloud server is provided by a third 17 party, which is not fully trusted. In this paper, we consider 18 a new security requirement for the revocable attribute-based 19 encryption schemes: integrity. We introduce a formal definition 20 and security model for the revocable attribute-based encryption 21 with data integrity protection (RABE-DI). Then, we propose 22 a concrete RABE-DI scheme and prove its confidentiality and 23 integrity under the defined security model. Finally, we present 24 an implementation result and provide performance evaluation 25 which shows that our scheme is efficient and practical. 26

Published

2022

8. Enabling Secure and Efficient Decentralized Storage Auditing With Blockchain

Author

Man Ho Au, Yuefeng Du, Anxin Zhou, Cong Wang, Huayi Duan, and Qian Wang

Subjects

Smart contract, Risk analysis (engineering), Computer science, Quality of service, Overhead (engineering), Context (language use), Audit, Electrical and Electronic Engineering, Market share, Computer security model, Cloud storage

Abstract

As a promising alternative solution to cloud storage, decentralized storage networks (DSN) are widely anticipated to develop continuously and reshape the storage market share in the foreseeable future. In particular, one of the most important research problems is how to enforce the quality of service (QoS) in the context of storage solutions. Despite plenty of auditing-related works in the context of cloud storage, none of them can be directly applied to the decentralized storage paradigm. The challenges of designing a feasible storage auditing framework emanate from two aspects: 1) security problems unique to the decentralized settings; 2) performance overhead due to on-chain operations. In this work, we first put forward a basic storage auditing framework that satisfies the security and efficiency requirements, and outperforms the existing approaches. We also identify a critical and overlooked security problem that would compromise the integrity of storage auditing solutions in the blockchain paradigm. With our refined storage auditing design based on customized zero knowledge protocols, we propose a convenient mitigation solution in our revised security model. The evaluation results confirm that our solution would only incur a 10%-15% increase in the overall auditing costs for common usage scenarios, compared to the basic design.

Published

2022

9. ABAC-Based Security Model for DDS

Author

Dae-Kyoo Kim, Hwimin Kim, and Alaa Alaerjan

Subjects

Service (systems architecture), business.industry, Computer science, Distributed computing, XACML, Access control, Computer security model, Domain (software engineering), Business process discovery, Middleware, Scalability, Electrical and Electronic Engineering, business, computer, computer.programming_language

Abstract

DDS is a middleware standard for data-centric publish/subscribe communication in a large scale real-time environment. DDS provides a security model for secure data communication. A major service of the security model is authorization. The authorization is based on the contents of messages rather than the information about the participant which should be the subject for access control. In this paper, we present a novel approach for improved authorization of the DDS security model using ABAC. We first analyze the DDS security model and identify integration points for ABAC. Based on the analysis, we incorporate ABAC entities into the security model with ABAC behaviors defined across RTPS and DCPS. We implemented the model in XACML and evaluated by applying it to a patient monitoring system in the healthcare domain for its effectiveness, scalability, and efficiency in a controlled environment. The evaluation on effectiveness demonstrates that the model successfully enforces access control during the discovery process in a dynamic changing setting. The evaluation on scalability and efficiency demonstrates that the model is capable of handling 1,050 access requests simultaneously under the average of 40.60 milliseconds with the average ABAC overheads of 10.62 milliseconds accounting for 26.67% of the communication time.

Published

2022

10. Anonymous Authenticated Key Agreement and Group Proof Protocol for Wearable Computing

Author

Zhenfeng Zhang, Yajun Guo, and Yimin Guo

Subjects

Authentication, Computer Networks and Communications, business.industry, Computer science, Data_MISCELLANEOUS, Wearable computer, 020206 networking & telecommunications, 02 engineering and technology, Mutual authentication, Computer security model, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Electrical and Electronic Engineering, business, Software, Wearable technology, Computer network, Anonymity

Abstract

Wearable computing has been used in a wide range of applications. But wearable computing often suf-fers from various security and privacy issues. To solve these issues, many effective authentication schemes have been proposed. However, most of the existing schemes are vulnerable to various known attacks (such as desynchro-nization attack, privileged-insider attack, and anonymity attack), or require high computation and communication costs, and are not suitable for resource-constrained wear-able devices, or simultaneous verification of multiple wearable devices is not supported. Therefore, in this paper, we propose a new anonymous authentication and group proof protocol for wearable computing, which achieves mutual authentication between the wearable device and user and between user and cloud server, and generates a group proof for multiple wearable devices. Further, we extend the Real-Or-Random (ROR) model to support an-onymity and group proof, and formally prove that the proposed scheme is provably secure under the extended security model. In addition, the informal security analysis is demonstrated that the proposed scheme is more resilient against known attacks. Finally, compared with some existing schemes, the proposed scheme offers more functionality features and requires less communica-tion and computation costs.

Published

2022

11. Dynamic Proof of Data Possession and Replication With Tree Sharing and Batch Verification in the Cloud

Author

Hua Zhang, Wei Guo, Wenmin Li, Fei Gao, Su-Juan Qin, Qiao-Yan Wen, and Zhengping Jin

Subjects

Information Systems and Management, Computer Networks and Communications, business.industry, Computer science, Distributed computing, Cloud computing, Computer security model, Replication (computing), Computer Science Applications, Tree (data structure), Hardware and Architecture, Server, Bandwidth (computing), Redundancy (engineering), business, Cloud storage

Abstract

Cloud storage attracts a lot of clients to join the paradise. For a high data availability, some clients require their files to be replicated and stored on multiple servers. Because clients are generally charged based on the redundancy level required by them, it is critical for clients to obtain convincing evidence that all replicas are stored correctly and are updated to the up-to-date version. In this paper, we propose a dynamic proof of data possession and replication (DPDPR) scheme, which is proved to be secure in the defined security model. Our scheme shares a single authenticated tree across multiple replicas, which reduces the tree's storage cost significantly. Our scheme allows for batch verification for multiple challenged leaves and can verify multiple replicas in a single batch way, which considerably save bandwidth and computation resources during audit process. We also evaluate the DPDPR's performance and compare it with the most related scheme. The evaluation results show that our scheme saves almost 66% tree's storage cost for three replicas, and obtains almost 60% and 80% efficiency improvements in terms of the overall bandwidth and computation costs, respectively, when three replicas are checked and each challenged with 460 blocks.

Published

2022

12. Dispelling myths on superposition attacks: formal security model and attack analyses

Author

Céline Chevalier, Luka Music, Elham Kashefi, Information Quantique [LIP6] (QI), LIP6, Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS)-Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS), School of Informatics [Edimbourg], University of Edinburgh, Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Centre de Recherche en Economie et Droit (CRED), Université Panthéon-Assas (UP2), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Quandela SAS, Université Paris-Panthéon-Assas, and ANR-18-CE39-0015,CryptiQ,Cryptographie dans un monde quantique(2018)

Subjects

FOS: Computer and information sciences, 050101 languages & linguistics, Computer Science - Cryptography and Security, Computer science, FOS: Physical sciences, 02 engineering and technology, Computer security, computer.software_genre, Superposition principle, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [PHYS.QPHY]Physics [physics]/Quantum Physics [quant-ph], Quantum state, Intuition (Bergson), 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], 0501 psychology and cognitive sciences, Quantum information science, Computer Science::Cryptography and Security, Quantum Physics, Applied Mathematics, 05 social sciences, TheoryofComputation_GENERAL, Mythology, Computer security model, Adversary, Cryptographic protocol, 16. Peace & justice, Computer Science Applications, 020201 artificial intelligence & image processing, Quantum Physics (quant-ph), computer, Cryptography and Security (cs.CR)

Abstract

It is of folkloric belief that the security of classical cryptographic protocols is automatically broken if the Adversary is allowed to perform superposition queries and the honest players forced to perform actions coherently on quantum states. Another widely held intuition is that enforcing measurements on the exchanged messages is enough to protect protocols from these attacks. However, the reality is much more complex. Security models dealing with superposition attacks only consider unconditional security. Conversely, security models considering computational security assume that all supposedly classical messages are measured, which forbids by construction the analysis of superposition attacks. Boneh and Zhandry have started to study the quantum computational security for classical primitives in their seminal work at Crypto'13, but only in the single-party setting. To the best of our knowledge, an equivalent model in the multiparty setting is still missing. In this work, we propose the first computational security model considering superposition attacks for multiparty protocols. We show that our new security model is satisfiable by proving the security of the well-known One-Time-Pad protocol and give an attack on a variant of the equally reputable Yao Protocol for Secure Two-Party Computations. The post-mortem of this attack reveals the precise points of failure, yielding highly counter-intuitive results: Adding extra classical communication, which is harmless for classical security, can make the protocol become subject to superposition attacks. We use this newly imparted knowledge to construct the first concrete protocol for Secure Two-Party Computation that is resistant to superposition attacks. Our results show that there is no straightforward answer to provide for either the vulnerabilities of classical protocols to superposition attacks or the adapted countermeasures., 46 pages

Published

2022

13. A Novel PUF-Based Group Authentication and Data Transmission Scheme for NB-IoT in 3GPP 5G Networks

Author

Xiongpeng Ren, Maode Ma, Hui Li, Jin Cao, and Yinghui Zhang

Subjects

Authentication, Computer Networks and Communications, business.industry, Computer science, Physical unclonable function, Mutual authentication, Computer security model, Computer Science Applications, Hardware and Architecture, Signal Processing, Code (cryptography), Key (cryptography), business, Formal verification, Information Systems, Computer network, Data transmission

Abstract

With the gradual commercialization of the fifth generation (5G) network, the narrowband Internet of Things (NB-IoT) system would have potential and prospective applications in future relying on the infrastructure. Meanwhile predictably, there are several security requirements to be satisfied, including concurrent access authentication for massive devices, identity privacy protection, physical attack resistance and application traffic security, etc. In this paper, we present a novel group authentication and data transmission scheme using the physically unclonable function (PUF) for NB-IoT in which the output of PUF is viewed as shared root key to achieve the mutual authentication along with key agreement. By this scheme, a Group Leader is employed to aggregate and relay authentication information and thus it reduces the signaling cost and communication cost followed by activating attach request messages from a sea of devices. Network side as well can surely find fake ones through individual truncated authentication code and detect honest devices with high probability when aggregated authentication code is invalid. Furthermore, the revised security model and the formal verification tool Scyther are employed to evaluate the security of the scheme. Finally, performance analysis results show that our solution has the desired efficiency.

Published

2022

14. A Secure Clinical Diagnosis With Privacy-Preserving Multiclass Support Vector Machine in Clouds

Author

Mingwu Zhang, Wenxiang Song, and Jixing Zhang

Subjects

Security analysis, 021103 operations research, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, Service provider, Computer security model, Encryption, Machine learning, computer.software_genre, Computer Science Applications, Support vector machine, Information sensitivity, Control and Systems Engineering, Artificial intelligence, Electrical and Electronic Engineering, business, computer, Datasheet, Information Systems

Abstract

With the rapid growth of machine learning and artificial intelligence in medical cloud systems, cloud-aided medical computing has materialized a concrete platform for rapid realization of the service-oriented computing paradigm. However, using machine learning approaches in medical clouds might cause serious privacy leakage risk, for example, it needs to take the patients’ sensitive data as the inputs of the machine learning algorithm. In this article, we propose an efficient and privacy-preserving clinical diagnosis scheme that was performed by an (untrusted and malicious) outsourced cloud platform, which can provide the diagnosis assistance for doctors without leaking any sensitive information of patients and service providers. Concretely, we give the security model of privacy-preserving multiclass support vector machine (SVM) in outsourced medical clouds and design a secure clinical diagnosis scheme with privacy-preserving multiclass predecision and diagnosis. We propose a novel encoding approach to implement the encryption of negative number, and design several security building blocks, such as privacy-preserving decision function computing, privacy-preserving classification, and search of max decision function on encrypted fields, to provide the construction of the secure clinical diagnosis with privacy-preserving multiclass SVM. We give the concrete scheme and provide the experiment on Dermatology datasheet. Security analysis and experimental results indicate that the proposed scheme is efficient and practical in privacy-preserving clinical diagnosis systems.

Published

2022

15. Efficient Identity-Based Provable Multi-Copy Data Possession in Multi-Cloud Storage

Author

Jiguo Li, Yichen Zhang, and Hao Yan

Subjects

Computer Networks and Communications, business.industry, Computer science, Homomorphic encryption, 020206 networking & telecommunications, Cloud computing, Public key infrastructure, 02 engineering and technology, Computer security model, Computer Science Applications, System model, Hardware and Architecture, Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Verifiable secret sharing, business, Cloud storage, Software, Information Systems, Computer network

Abstract

To increase the availability and durability of the outsourced data, many customers store multiple copies on multiple cloud servers. To guarantee the integrity of multi-copies, some provable data possession (PDP) protocols for multi-copy are presented. However, most of previous PDP protocols consider all copies to be stored on only one cloud storage server. In some degree, multi-copy makes little sense in such circumstance. Furthermore, many PDP protocols depend on the technique of public key infrastructure (PKI), which suffers many types of security vulnerabilities and also brings heavy communicational and computational cost. To increase the security and efficiency, we provide a novel identity-based PDP scheme of multi-copy on multiple cloud storage servers. In our scheme, all copies are delivered to different cloud storage servers, which work cooperatively to store the customer's data. By the homomorphic verifiable tags, the integrity of all copies can be checked simultaneously. The system model and security model of our scheme are provided in the paper. The security for our scheme is proved based on the computation Diffie-Hellman (CDH) hard problem. Analysis and experimental evaluation show that our scheme is efficient and practical. The proposed scheme is the first identity-based PDP scheme for multi-copy and multi-cloud servers.

Published

2022

16. A two-tier Blockchain framework to increase protection and autonomy of smart objects in the IoT

Author

Antonino Nocera, Luca Virgili, Domenico Ursino, Enrico Corradini, and Serena Nicolazzo

Subjects

Correctness, Blockchain, Computer Networks and Communications, Computer science, Smart objects, media_common.quotation_subject, Computer security model, Computer security, computer.software_genre, Object (computer science), Everyday life, computer, Autonomy, media_common, Reputation

Abstract

In recent years, the Internet of Things paradigm has become pervasive in everyday life attracting the interest of the research community. Two of the most important challenges to be addressed concern the protection of smart objects and the need to guarantee them a great autonomy. For this purpose, the definition of trust and reputation mechanisms appears crucial. At the same time, several researchers have started to adopt a common distributed ledger, such as a Blockchain, for building advanced solutions in the IoT. However, due to the high dimensionality of this problem, enabling a trust and reputation mechanism by leveraging a Blockchain-based technology could give rise to several performance issues in the IoT. In this paper, we propose a two-tier Blockchain framework to increase the security and autonomy of smart objects in the IoT by implementing a trust-based protection mechanism. In this framework, smart objects are suitably grouped into communities. To reduce the complexity of the solution, the first-tier Blockchain is local and is used only to record probing transactions performed to evaluate the trust of an object in another one of the same community or of a different community. Periodically, after a time window, these transactions are aggregated and the obtained values are stored in the second-tier Blockchain. Specifically, stored values are the reputation of each object inside its community and the trust of each community in the other ones of the framework. In this paper, we describe in detail our framework, its behavior, the security model associated with it and the tests carried out to evaluate its correctness and performance.

Published

2022

17. Lightweight and Expressive Fine-Grained Access Control for Healthcare Internet-of-Things

Author

Yinghui Zhang, Shengmin Xu, Robert H. Deng, Yingjiu Li, Xiangyang Luo, and Ximeng Liu

Subjects

Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Access control, Cloud computing, Cryptography, 02 engineering and technology, Computer security model, Encryption, Computer security, computer.software_genre, Computer Science Applications, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, Software, Secure channel, Edge computing, Information Systems

Abstract

Healthcare Internet-of-Things (IoT) is an emerging paradigm that enables embedded devices to monitor patients' vital signals and allows these data to be aggregated and outsourced to the cloud. The cloud enables authorized users to store and share data to enjoy on-demand services. Nevertheless, it also causes many security concerns because of the untrusted network environment, dishonest cloud service providers and resource-limited devices. To preserve patients' privacy, existing solutions usually apply cryptographic tools to offer access controls. However, fine-grained access control among authorized users is still a challenge, especially for lightweight and resource-limited end-devices. In this paper, we propose a novel healthcare IoT system fusing advantages of attribute-based encryption, cloud and edge computing, which provides an efficient, flexible, secure fine-grained access control mechanism with data verification in healthcare IoT network without any secure channel and enables data users to enjoy the lightweight decryption. We also define the formal security models and present security proofs for our proposed scheme. The extensive comparison and experimental simulation demonstrate that our scheme has better performance than existing solutions.

Published

2022

18. Combinatorial Analysis for Securing IoT-Assisted Industry 4.0 Applications From Vulnerability-Based Attacks

Author

Sabu M. Thampi and Gemini George

Subjects

Industry 4.0, Edge device, Computer science, business.industry, Distributed computing, Cloud computing, Computer security model, Bottleneck, Critical infrastructure, Computer Science Applications, Control and Systems Engineering, Combinatorial optimization, Enhanced Data Rates for GSM Evolution, Electrical and Electronic Engineering, business, Information Systems

Abstract

Modern Internet of Things (IoT)-assisted networks deploy many critical computing devices in the edge of the network so as to mitigate the bottleneck of network latency and bandwidth outage. Such computing devices have become attractive targets of attackers, as they derive critical insights that can often regulate the underlying industrial processes. Security administrators have to analyze vulnerable configurations, and evaluate feasible hardening options to secure such systems. In this article, we investigate the security threats to the edge devices in the IoT-assisted networks because of the inherent vulnerabilities present in the IoT devices, and formulate a novel graphical security model to conduct vulnerability-based risk assessment in such networks. We further propose a set of combinatorial optimization techniques for security hardening. For securing the target devices, we propose a randomized algorithm to enforce isolation of potential target devices from the attackers. The algorithm produces the least number of vulnerabilities, the removal of which protects the targets. For densely connected networks, we propose another algorithm to identify a minimal set of vulnerabilities to be hardened so as to keep potential targets below admissible levels of risk. The approach includes the formulation of an integer linear program, which is relaxed to solve in polynomial time, followed by a round-off technique to find the actual solution.

Published

2022

19. Adaptive Secure Nearest Neighbor Query Processing Over Encrypted Data

Author

Huaqiang Yuan, Alex X. Liu, Huanle Xu, Rui Li, and Ying Liu

Subjects

Scheme (programming language), Theoretical computer science, Computer science, business.industry, Plain text, computer.file_format, Computer security model, Encryption, k-nearest neighbors algorithm, Data point, Ciphertext, Scalability, Electrical and Electronic Engineering, Nuclear Experiment, business, computer, Computer Science::Cryptography and Security, computer.programming_language

Abstract

Nearest neighbor query processing is a fundamental problem that arises in many fields such as spatial databases and machine learning. This paper aims to address the Secure Nearest Neighbor (SNN) problem in cloud computing. Prior SNN schemes are both insecure and inefficient. In this paper, we formally prove and experimentally demonstrate that the SNN scheme ASPE is actually insecure against even ciphertext only attacks. Although prior work proved that it is impossible to construct an SNN scheme even in much relaxed standard security models, we point out the flaws of the hardness proof. We propose an SNN scheme and prove that it is secure against adaptive chosen keyword attacks. Our scheme is efficient as its query processing complexity is logarithmic. To evaluate the efficiency of our SNN scheme, we implemented our scheme in C++ and compared its performance with a plain text schemes, binary scheme, and a PIR scheme on a large set of over 10 million real-world data points. Experimental results show that our scheme is fast (0.124 millisecond per query when data set size is 10 million) and scalable in terms of the number of data points.

Published

2022

20. Multi-Client Sub-Linear Boolean Keyword Searching for Encrypted Cloud Storage with Owner-Enforced Authorization

Author

Rongxing Lu, Mi Wen, Kefei Chen, and Kai Zhang

Subjects

Cloud computing security, business.industry, Computer science, Cloud computing, Access control, Computer security model, Computer security, computer.software_genre, Inverted index, Encryption, Outsourcing, Electrical and Electronic Engineering, business, computer, Cloud storage

Abstract

To date, cloud computing has emerged as a primary utility for providing remote data storage services for users, since users can thus be relieved from cumbersome document maintenance. Despite of the benefits brought by data outsourcing, the unexpected data breaches raise concerns about data confidentiality and privacy. To deal with this, a straightforward and convincing strategy is to encrypt data before outsourcing them to the cloud. However, securely sharing and searching over outsourced encrypted data has turned into a challenge due to the hindrance led by data encryption. To address the challenge, this article proposes a new highly-scalable searchable encryption scheme for encrypted cloud storage. The scheme achieves sub-linear Boolean keyword searching, and moreover allows the data owner to authorize which clients could search or access the documents in the cloud. Technically, we revisit searchable symmetric encryption primitive by non-trivially combining it with a novel access control technique, and build an inverted index data structure for both attribute-based access control and sub-linear search process. Furthermore, we introduce a formalized security definition for the system, and prove its security in the simulation-based security model. Finally, we conduct a couple of experiments over a representative real-world dataset to show practicality.

Published

2021

21. Provable Data Possession with Outsourced Data Transfer

Author

Huaqun Wang, Qihua Wang, Qi Li, Debiao He, and Anmin Fu

Subjects

Flexibility (engineering), Information Systems and Management, Computer Networks and Communications, business.industry, Computer science, 05 social sciences, Data security, Cloud computing, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Computer Science Applications, System model, Outsourcing, Upload, Hardware and Architecture, Data integrity, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, 050203 business & management

Abstract

With the rapid development of cloud computing, more and more enterprises would like to upload and store their data in the public cloud. When the parts of the business of an enterprise are purchased by another enterprise, the corresponding data will be transferred to the acquiring enterprise. For the usual case, how to outsource the computation cost of data transfer to the cloud How to ensure the remote purchased data integrity Thus, it is important to study provable data possession with outsourced data transfer (DT-PDP). In this paper, for the first time, we propose the novel concept: DT-PDP. By taking use of DT-PDP, the following three security requirements can be satisfied: (1) the other un-purchased data security of acquired enterprise can be ensured; (2) the purchased data integrity and privacy can be ensured; (3) the data transferability's computation can be outsourced to the public cloud servers. For the security concept of DT-PDP, we give its motivation, system model and security model. Then, we design a concrete DT-PDP scheme based on the bilinear pairings. At last, we analyze the security, efficiency and flexibility of the concrete DT-PDP scheme. It shows that our scheme is provably secure and efficient.

Published

2021

22. Efficient public-key encryption with equality test from lattices

Author

Qinyi Li and Xavier Boyen

Subjects

Property (philosophy), General Computer Science, business.industry, Computer science, Computer security model, Encryption, Computer security, computer.software_genre, Theoretical Computer Science, Test (assessment), Public-key cryptography, Simple (abstract algebra), Lattice (order), business, computer

Abstract

Public-key encryption with equality (PKEET) test enables testing if two ciphertexts, possibly under two different public keys, encrypt the same messages. Recent research on PKEET considers the setting where the testing ability is delegated to semi-trusted parties to negate unfettered chosen-plaintext attacks. In this work, we revise and enhance the PKEET security model, and introduce a new property of unmaskability which further prevents an attacker from skirting the test. We then propose a simple and efficient PKEET system with adaptive chosen-ciphertext security, provably secure under our revised security model, from either plain or ring lattice assumptions. The construction adopts a direct approach which significantly departs from the existing way of building such systems. Compared with existing literature, our system relies on weaker learning-with-errors assumptions while also being more efficient and providing better security.

Published

2021

23. Profit maximization for security-aware task offloading in edge-cloud environment

Author

Binbin Huang, Dongjin Yu, Zhongjin Li, Haiyang Hu, Victor Chang, and Jidong Ge

Subjects

Edge device, Computer Networks and Communications, Computer science, business.industry, Distributed computing, Data security, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security model, Theoretical Computer Science, Task (project management), Artificial Intelligence, Hardware and Architecture, Genetic algorithm, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Applications of artificial intelligence, Enhanced Data Rates for GSM Evolution, business, Software

Abstract

Mobile devices (MDs) and applications are receiving extensive popularity and attracting significant attention. Mobile applications, especially for artificial intelligence (AI) applications, require powerful computation-intensive resources. Hence, running all the AI applications on a single MD introduces high energy consumption and application delay, as it has limited battery capacity and computation resources. Fortunately, the emerging edge-cloud computing (ECC) architecture pushes the computation resource to both the network edge and remote cloud to cope with challenging AI applications. Although the advantage of ECC greatly benefits various mobile applications, data security remains an important open issue in this scenario, which has not been well studied. This paper focuses on the profit maximization (PM) problem for security-aware task offloading in an ECC environment, i.e., considering the tasks from MDs with different service demands, edge nodes should decide them to be processed on the edge node or the remote cloud with a security guarantee. Specifically, we first construct the security model to measure the time overhead for each task under various scenarios. We then formulate the PM problem by jointly considering the security demand and deadline constraints of tasks. Finally, we propose a genetic algorithm-based PM (GA-PM) algorithm, the coding strategy of which considers the task execution location and execution order. Moreover, the crossover and mutation operations are implemented based on the coding strategy. Extensive simulation experiments with various parameters varying demonstrate that our GA-PM can achieve better performance than all the comparison algorithms.

Published

2021

24. Authentication and key establishment protocol from supersingular isogeny for mobile environments

Author

Mingping Qi and Jianhua Chen

Subjects

Isogeny, Password, Authentication, Computer science, Computer security model, Computer security, computer.software_genre, Theoretical Computer Science, Hardware and Architecture, Software security assurance, Personal computer, Session key, Key encapsulation, computer, Software, Information Systems

Abstract

This paper presents a provably secure post-quantum authentication and key establishment protocol for mobile environments, which is the first one from supersingular isogeny to our best knowledge that achieves the client user authentication by using the convenient password and the server authentication by using the password-transformed secret value and its certificate, together with the final session key establishment between them. This makes it be quite suitable for providing quantum-resilient security assurance in mobile environments in the near future post-quantum era. The presented protocol actually is constructed by integrating the password-based authentication way with the key encapsulation mechanism and thereby is named as PBKEM for short. The presented post-quantum PBKEM protocol from supersingular isogeny is formally proved secure in the random oracle model under the well-known Bellare–Pointcheval–Rogaway (BPR) security model, whose security is finally reduced to the SI-CDH security assumption and the IND-CCA security of the SIKE scheme. Moreover, it is implemented on a personal computer by using the SIDH Library provided by Microsoft, and the experimental results have shown that the protocol is efficient enough to be applied in practice to provide quantum-resilient security assurance.

Published

2021

25. Generic construction for tightly-secure signatures from discrete log

Author

Fuchun Guo, Zhen Zhao, Willy Susilo, Jianchang Lai, Ge Wu, and Peng Jiang

Subjects

Theoretical computer science, General Computer Science, Computer science, business.industry, Cryptography, Construct (python library), Computer security model, Signature (logic), Theoretical Computer Science, Public-key cryptography, Transformation (function), Discrete logarithm, Key (cryptography), business

Abstract

Tightly secure signature plays a significant role in the research of cryptography and has been studied extensively in the literature. In this paper, we present a generic construction for tightly-secure signatures from the discrete log (DL) assumption in the existential-unforgeability against key only attacks (EUF-KOA) security model, where the adversary is allowed to obtain only the public key, but not any sample signature. Moreover, the generic construction can also be extended into the multi-user setting with corruptions (MU-C) model. Roughly speaking, given any signature scheme, we can efficiently convert it into a signature scheme that features tight security under the DL assumption in the MU-EUF-KOA-C security model with random oracles. Our transformation shows it is easy to construct a DL-equivalent signature in the EUF-KOA security model, although many known DL-based signatures are not equivalent to DL. If the given signature scheme is key-re-randomizable, the transformed scheme is also key-re-randomizable. Hence, our result provides a supplement to Bader et al.'s work (EUROCRYPT 2016).

Published

2021

26. Privacy-preserving voluntary-tallying leader election for internet of things

Author

Liehuang Zhu, Tong Wu, Yulin Wu, and Guomin Yang

Subjects

Leader election, Information Systems and Management, Computer science, media_common.quotation_subject, 02 engineering and technology, Computer security, computer.software_genre, Decentralization, Theoretical Computer Science, Artificial Intelligence, Voting, Secrecy, Node (computer science), 0202 electrical engineering, electronic engineering, information engineering, Redundancy (engineering), media_common, business.industry, 05 social sciences, 050301 education, Computer security model, Computer Science Applications, Control and Systems Engineering, 020201 artificial intelligence & image processing, Data center, business, 0503 education, computer, Software

Abstract

The Internet of Things (IoT) is commonly deployed with devices of limited power and computation capability. A centralized IoT architecture provides a simplified management for IoT system but brings redundancy by the unnecessary data traffic with a data center. A decentralized IoT reduces the cost on data traffic and is resilient to the single-point-of-failure. The blockchain technique has attracted a large amount of research, which is redeemed as a perspective of decentralized IoT system infrastructure. It also brings new privacy challenges for that the blockchain is a public ledger of all digital events executed and shared among all participants. The decentralized IoT system relies on the leader election deeply to implement the decentralized communications among the distributed nodes. The conventional leader election must have a centralized authority, contrasting to the decentralization. As an alternative, self-tallying type schemes have been proposed in the literature for decentralized systems. These schemes suffer from adaptive and abortive issues. Also, some additional factors should be considered, such as the availability of candidate nodes. If the candidate node is unavailable after the voting phase due to being offline or ongoing tasks, the next available candidate should be elected. To accommodate such a need, in this paper, we propose a new leader election paradigm called voluntary-tallying leader election, which achieves the core requirements such as ballet secrecy, voter privacy and the additional feature of voluntary-tallying. We formalize the system and security models for this new election paradigm and present a secure and practical construction.

Published

2021

27. Comprehensive Security: The Opportunities and Challenges of Incorporating Environmental Threats in Security Policy

Author

Helmi Räisänen, Mikko J. Virtanen, Jussi T. Eronen, Janne Hukkinen, Emma Hakala, Social Policy, Past Present Sustainability (PAES), Helsinki Institute of Sustainability Science (HELSUS), Environmental Policy Research Group (EPRG), Faculty of Law, Toxic Crimes: Human Rights and the Destruction of the Environment during Conflict, Eastern European Studies (Aleksanteri Institute), Creative adaptation to wicked socio-environmental disruptions (WISE STN), Environmental Sciences, Department of Economics and Management, Ecosystems and Environment Research Programme, Faculty Common Matters (Faculty of Social Sciences), and Sociology

Subjects

Environmental security, Civil society, Public Administration, Sociology and Political Science, Politikwissenschaft, Friedens- und Konfliktforschung, Sicherheitspolitik, Peace and Conflict Research, International Conflicts, Security Policy, 0211 other engineering and technologies, 02 engineering and technology, Ecology, Environment, Geopolitics, Security policy, Ökologie und Umwelt, Sicherheitspolitik, 050601 international relations, Political science (General), security policy, environmental policy, Ökologie, ddc:577, Empirical evidence, Political science, 1172 Environmental sciences, CONFLICT, Klimawandel, 021110 strategic, defence & security studies, CLIMATE-CHANGE, Ecology, 05 social sciences, comprehensive security, environmental security, Computer security model, 16. Peace & justice, 0506 political science, climate change, Risk analysis (engineering), 13. Climate action, Foreign policy, Preparedness, ddc:320, Umweltpolitik, 5171 Political Science, Business, JA1-92

Abstract

In security and foreign policy discourse, environmental issues have been discussed increasingly as security threats that require immediate action. Yet, as the traditional security sector does not provide straightforward means to deal with climate change and other environmental issues, this has prompted concerns over undue securitisation and ill-placed extreme measures. We argue that an effective policy to address foreseeable environmental security threats can only be developed and maintained by ensuring that it remains resolutely within the domain of civil society. In this article, we consider the case of Finland, where the policy concept of comprehensive security has been presented as the official guideline for security and preparedness activities in different sectors. Comprehensive security aims to safeguard the vital functions of society through cooperation between authorities, business operators, organisations, and citizens. We analyse the opportunities and challenges of Finland’s comprehensive security policy in addressing environmental changes through a three-level framework of local, geopolitical and structural security impacts. Our empirical evidence is based on a set of expert interviews (n = 40) that represent a wide range of fields relevant to unconventional security issues. We find that the Finnish comprehensive security model provides an example of a wide and inclusive perspective to security which would allow for taking into account environmental security concerns. However, due to major challenges in the implementation of the model, it does not fully incorporate the long-term, cross-sectoral, and cascading aspects of environmental threats. This weakens Finland’s preparedness against climate change which currently poses some of the most urgent environmental security problems.

Published

2021

28. Constructing Financial Information Security Model Based on PCA and Optimized BP Neural Network

Author

Chu Zhang

Subjects

Artificial neural network, Computer science, business.industry, Computer security model, Computer Science Applications, Theoretical Computer Science, Risk analysis (engineering), Information and Communications Technology, Financial information, Electrical and Electronic Engineering, business, 5G, Financial services, Computer technology

Abstract

In recent years, with the rapid development of 5G technology, computer technology, communication technology, and the financial industry, people have paid more and more attention to financial inform...

Published

2021

29. Proactive Defense for Internet-of-things: Moving Target Defense With Cyberdeception

Author

Dong Seong Kim, Ing-Ray Chen, Gaurav Dixit, Mengmeng Ge, and Jin-Hee Cho

Subjects

Service (systems architecture), Shuffling, Computer Networks and Communications, Computer science, business.industry, Genetic algorithm, Path (graph theory), Computer security model, Software-defined networking, Network topology, Decoy, business, Computer network

Abstract

Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this article, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achieve a system goal, such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. We demonstrated that a software-defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of “when” and “how” strategies is identified for executing our proposed technique under which the specified goal can be best achieved.

Published

2021

30. Smart factory: security issues, challenges, and solutions

Author

Ki Jung Yi and Young-Sik Jeong

Subjects

General Computer Science, business.industry, Computer science, media_common.quotation_subject, Information technology, Computer security model, Asset (computer security), Product (business), Risk analysis (engineering), Information and Communications Technology, Manufacturing, Factory (object-oriented programming), Quality (business), business, media_common

Abstract

Recently, due to the population aging and the fast development of information and communications technology (ICT), the number of laborers has remarkably decreased. This has created a demand to improve the productivity and product quality of companies and manufacturers. Besides, Smart Factories are expected to meet those requirements as consumers' needs are diversified, demanding personalized production and rapid and accurate manufacturing innovation rather than traditional manufacturing firms. The term “Smart Factory” means an intelligent factory that integrates ICT into the traditional manufacturing industry. This applies to the entire process of planning, requirement analysis, design, production, distribution, and sales. Smart Factory broadly covers level 4 areas that deal with general information technology (IT) and level 0–3 areas that deal with operational technology (OT). Thus, information covered in OT areas can cause problems not only for a company but also for its country if it is leaked to the outside world as a company’s core asset. Therefore, it is important to identify and respond to potential security threats in a Smart Factory environment. To this end, in this paper, we research the components of major Smart Factory architecture. Subsequently, we discuss security issues and problems that may occur before the establishment of a Smart Factory. Finally, we propose a Smart Factory security model and a secure response to cyberattacks to address security issues.

Published

2021

31. Hybrid Trusted/Untrusted Relay-Based Quantum Key Distribution Over Optical Backbone Networks

Author

Jiajia Chen, Jie Zhang, Yongli Zhao, Rui Lin, Jun Li, and Yuan Cao

Subjects

Network architecture, Computer Networks and Communications, business.industry, Computer science, Node (networking), Computer security model, Quantum key distribution, Critical infrastructure, law.invention, Relay, law, Benchmark (computing), Electrical and Electronic Engineering, business, 5G, Computer network

Abstract

Quantum key distribution (QKD) has demonstrated a great potential to provide future-proofed security, especially for 5G and beyond communications. As the critical infrastructure for 5G and beyond communications, optical networks can offer a cost-effective solution to QKD deployment utilizing the existing fiber resources. In particular, measurement-device-independent QKD shows its ability to extend the secure distance with the aid of an untrusted relay. Compared to the trusted relay, the untrusted relay has obviously better security, since it does not rely on any assumption on measurement and even allows to be accessed by an eavesdropper. However, it cannot extend QKD to an arbitrary distance like the trusted relay, such that it is expected to be combined with the trusted relay for large-scale QKD deployment. In this work, we study the hybrid trusted/untrusted relay based QKD deployment over optical backbone networks and focus on cost optimization during the deployment phase. A new network architecture of hybrid trusted/untrusted relay based QKD over optical backbone networks is described, where the node structures of the trusted relay and untrusted relay are elaborated. The corresponding network, cost, and security models are formulated. To optimize the deployment cost, an integer linear programming model and a heuristic algorithm are designed. Numerical simulations verify that the cost-optimized design can significantly outperform the benchmark algorithm in terms of deployment cost and security level. Up to 25% cost saving can be achieved by deploying QKD with the hybrid trusted/untrusted relay scheme while keeping much higher security level relative to the conventional point-to-point QKD protocols that are only with the trusted relays.

Published

2021

32. Two-Pass Privacy Preserving Authenticated Key Agreement Scheme for Smart Grid

Author

Jianhua Chen and Mingping Qi

Subjects

Authentication, Computer Networks and Communications, Smart meter, Computer science, Mutual authentication, Trusted third party, Computer security model, Computer security, computer.software_genre, Computer Science Applications, Smart grid, Control and Systems Engineering, Key (cryptography), Electrical and Electronic Engineering, computer, Implicit certificate, Information Systems

Abstract

The design of an authenticated key agreement protocol for securing the smart meter communications in smart grid networks has attracted growing attention recently. Typically, realizing mutual authentication and key agreement without active involvement of a trusted third party is expected in this field. Thus, to achieve this aim, several authenticated key agreement schemes for smart grid have been presented; while as investigated in the following section of this work, most of these schemes remain vulnerable to various attacks. Therefore, to design a truly secure authenticated key agreement protocol for smart grid and make some contributions to this field, this work presents our new authenticated key agreement scheme for smart grid using Elliptic Curve Qu-Vanstone (ECQV) implicit certificate as the building block. Our scheme is pairing-free and just uses two passes to realize mutual authentication and key agreement as well as strong credential privacy, making it with high efficiency in both computation and communication overheads. Moreover, its security is formally proved under the widely accepted Canetti and Krawczyk (CK) security model, and is further confirmed by a heuristic security analysis.

Published

2021

33. A proposed authentication and group-key distribution model for data warehouse signature, DWS framework

Author

Hesham N. Elmahdy, Mayada AlMeghari, Xuemin Shen, and Sanaa Taha

Subjects

Parallel computing, Middleware, Authentication, Security analysis, Modular symmetric polynomial, Modular arithmetic, business.industry, Computer science, Distributed computing, QA75.5-76.95, Management Science and Operations Research, Computer security model, Modular design, Data warehouse, Computer Science Applications, Symmetric polynomial, Electronic computers. Computer science, Key (cryptography), business, Group key, Information Systems, Computer Science::Cryptography and Security

Abstract

In the virtual world, the authentication process is used to prove the identity for both of the server and the clients. Therefore, the authentication is an urgent issue for sharing data between users in the data warehouse systems. This paper presents the enhancement of Data Warehouse Signature (DWS) framework through proposing a novel authentication and group-key distribution model, based on the modular symmetric polynomials, to distribute a secure group-key between the manager and the chosen executors. To the best of our knowledge, we are the first to propose a group-key based on the symmetric polynomial and the modular arithmetic. This leads to increase the security level of the proposed model from t, where t is the symmetric polynomial degree, to ∑ i = 1 c c i × t , where c is the number of executors in the DWS system. In this paper, enhancing the DWS achieves the high performance using a parallel computing in our middleware. The proposed model has the lowest cost of computation, communication and complexity overheads among the existing security models. Additionally, security analysis shows that the proposed model achieves the key security, prevents insider and outsider attacks, and provides forward and backward secrecy.

Published

2021

34. Improving IoT Privacy, Data Protection and Security Concerns

Author

Calvin Lee and Gouher Ahmed

Subjects

Computer science, business.industry, Research studies, Data Protection Act 1998, Computer security model, Computer security, computer.software_genre, Internet of Things, business, computer

Abstract

IoT has continued to evolve over the years with a promise to provide the users with effective means to interact, communicate, transact and create strong relationship. The invention and the development of IoT have created benefits for many businesses and individuals. However, as the IoT continues to evolve and develop, it has been subjected to certain threats and vulnerabilities. The common vulnerabilities notable in IoT include the security, privacy and data protection concerns. These issues have not been addressed by many scholars thus necessitated the need for this research study. Therefor the research study was concerned with the developed of a new IoT model that can enhance the security and privacy of the users of the IoT. The results indicate that the new model can be effective in addressing the needs of the IoT users. However, it noted that future research studies are still needed to improve the performance of the IoT security models.

Published

2021

35. A Novel Pairing-Free Lightweight Authentication Protocol for Mobile Cloud Computing Framework

Author

Azeem Irshad, Neeraj Kumar, Osama Ahmad Alomari, Shehzad Ashraf Chaudhry, and Khalid Yahya

Subjects

Authentication, 021103 operations research, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, Mobile computing, Cloud computing, 02 engineering and technology, Computer security model, Computer Science Applications, Mobile cloud computing, Control and Systems Engineering, Authentication protocol, Key (cryptography), Electrical and Electronic Engineering, business, Mobile device, Information Systems, Computer network

Abstract

The mobile cloud computing (MCC) refers to an infrastructure that integrates cloud computing and mobile computing, and it has changed a great deal, the service provisioning of applications, which requires to get the data processed after collection from vast sensor and Internet-of-Things-based network. The ever increasing number of handheld mobile gadgets has exacerbated the need for robust and efficient authenticated key agreements. We could witness a number of MCC-based multiserver authentication schemes lately to foster the secure adaptation of the technology; however, the demonstrated solutions are either insecure or employing too costly bilinear pairing operations for implementation. In view of limitations, as illustrated in previous studies, we propose a novel pairing-free multiserver authentication protocol for MCC environment based on an elliptic curve cryptosystem that is not only efficient, but also free from security loopholes as demonstrated. The performance evaluation section discusses and distinguishes the findings among latest studies. The strength of the contributed scheme is proved theoretically under formal security model.

Published

2021

36. SQL Server Security Model

Author

Peter A. Carter

Subjects

Database, Computer science, InformationSystems_DATABASEMANAGEMENT, PL/SQL, Data Transformation Services, Computer security model, computer.software_genre, Language Integrated Query, User-defined function, SQL injection, SQL/PSM, computer, computer.programming_language, Business Intelligence Markup Language

Abstract

SQL Server 2014 offers a complex security model with overlapping layers of security that help database administrators (DBAs) counter the risks and threats in a manageable way. It is important for DBAs to understand the SQL Server security model so that they can implement the technologies in the way that best fits the needs of their organization and applications. This chapter discusses the SQL Server security hierarchy before demonstrating how to implement security at the instance, database, and object levels.

Published

2022

37. Automating Maintenance Routines

Author

Peter A Carter

Subjects

Computer science, business.industry, Sql server, Maintenance plan, Database administrator, Total cost of ownership, Computer security model, business, Security context, Software engineering, Automation, Scheduling (computing)

Abstract

Automation is a critical part of database administration because it reduces the total cost of ownership (TCO) of the enterprise by allowing repeatable tasks to be carried out with little or no human intervention. SQL Server provides a rich set of functionality for automating routine DBA activity, including a scheduling engine, decision-tree logic, and a comprehensive security model. In this chapter, we discuss how you can harness SQL Server Agent, maintenance plans, and SSIS (SQL Server Integration Services) to reduce the maintenance burden on your time. We also look at how you can reduce effort by using multiserver jobs, which allow you to operate a consistent set of routines across the enterprise.

Published

2022

38. A Study of Malware Propagation Dynamics in Wireless Sensor Network Using Spatially Correlated Security Model

Author

R. Biswal Satya and K. Swain Santosh

Subjects

General Computer Science, Computer science, business.industry, Dynamics (music), Malware, Computer security model, business, computer.software_genre, Wireless sensor network, computer, Computer network

Abstract

Background: The paper discussed about the malware propagation dynamics in wireless sensor network. Malware attack is harmful for network stability as well as battery consumption of sensor nodes. Objective: The objective of proposed study is to develop a model that describes the dynamic propagation behavior of malware in wireless sensor network and suggest corrective measure through which breakout from the network. Methods: Use the concept of epidemic modeling and spatial correlation to describe the malware dynamics in wireless sensor network. Write the sets of differential equation to study its behavior. Results: Methodically find results have been verified with the help of simulation using MATLAB. The effect of spatial correlation on malware propagation in wireless sensor network has been analyzed. Conclusion: In this paper, an epidemic based model with spatial correlation is presented for the study of malware propagation characteristics in WSN. The equilibrium points of the system have been obtained. The expression of basic reproduction number and threshold value of correlation coefficient have been obtained. The basics reproduction (R 0 ) helps in the analysis of network stability. On the basis of their value we found that if R 0 is less than one the system will be stable and malware-free, and when R 0 is greater than one the system exists in endemic state and malware persists in the network. The spatial correlation helps to control the malware propagation in the network.

Published

2021

39. Public key encryption with filtered equality test revisited

Author

Yu-Chi Chen, Raylin Tso, Hung-Yu Tsao, and Xin Xie

Subjects

Scheme (programming language), business.industry, Applied Mathematics, Cryptography, Computer security model, Encryption, Computer security, computer.software_genre, Computer Science Applications, Test (assessment), Public-key cryptography, Ciphertext, business, computer, Formal description, computer.programming_language, Mathematics

Abstract

Without revealing data in the plain, public key encryption with equality test can achieve the basic cryptographic functionalities required. However, the extended version, i.e., public encryption with filtered equality test (PKE-FET) can be used to only test the ciphertext only for some data. In this paper, we revisit the notion of PKE-FET on various security models. We provide a formal definition for the security of PKE-FET and present a new scheme to achieve a stronger level of security than the existing scheme.

Published

2021

40. A Provenance-Aware Distributed Trust Model for Resilient Unmanned Aerial Vehicle Networks

Author

Chunpeng Ge, Gerhard P. Hancke, Lu Zhou, and Chunhua Su

Subjects

Routing protocol, Computer Networks and Communications, business.industry, Computer science, Wireless ad hoc network, Topology (electrical circuits), Energy consumption, Computer security model, Computer Science Applications, Digital signature, Transmission (telecommunications), Hardware and Architecture, Signal Processing, Open architecture, business, Information Systems, Computer network

Abstract

An unmanned aerial vehicle (UAV) network is an emerging industrial IoT network for collaborative UAV communication and management. The open architecture and dynamic topology, which provide functional benefits, unfortunately make UAVNs more vulnerable to a variety of attacks. In UAVNs, malicious nodes not only eavesdrop the communications between UAV nodes but also attempt to attack the entire network by injecting or modifying messages. This work proposes a provenance-aware distributed trust model, named UAV-pro, for UAVNs that aim to achieve accurate peer-to-peer trust assessment and maximize the delivery of correct messages received by destination nodes while minimizing the message delay and communication cost under resource-constrained network environments. Provenance refers to the history of ownership of messages transmitted on the network. The behavior of message creators and operators can be effectively evaluated based on message integrity, then generate the observational evidence. We collect the observational evidence for distributed trust evaluation, then identify malicious nodes in the network and isolate them from the network. UAVN-pro takes a data-driven approach to reduce resource consumption in the presence of selfish or malicious nodes while ensuring the safe transmission of data by digital signature technology. The experimental results show that UAVN-pro works are compatible with the existing UAV network routing protocols, and can effectively identify attacks, such as the black hole, gray hole, message modification, fake recommendation, and fake identity in UAV networks. UAVN-pro is superior to the existing security model in terms of detection rate, delivery rate, and system energy consumption in most cases.

Published

2021

41. Continuous Probabilistic Skyline Query for Secure Worker Selection in Mobile Crowdsensing

Author

Xichen Zhang, Ali A. Ghorbani, Rongxing Lu, Jun Shao, and Hui Zhu

Subjects

Security analysis, Operations research, Computer Networks and Communications, business.industry, Computer science, Probabilistic logic, Computer security model, Computer Science Applications, Outsourcing, Information sensitivity, Hardware and Architecture, Server, Signal Processing, business, Personally identifiable information, ElGamal encryption, Information Systems

Abstract

Worker selection is always one of the most fundamental problems in mobile crowdsensing (MCS), since the reliability of workers’ sensing data is hugely significant to the service quality. In the worker selection process, it is inevitable for the workers to share some of their sensitive information. Consequently, numerous studies are conducted on the problem of privacy-preserving worker selection in MCS platforms. However, most of the existing methods focus on static and short-term situations. As a result, they are inapplicable to the highly dynamic environments where the MCS tasks are long term and the workers can continuously arrive at/leave the system. To solve these problems, in this article, we propose a privacy-preserving worker selection scheme based on the probabilistic skyline over sliding windows. Specifically, the proposed scheme can select reliable workers for each current sliding window in terms of working experience, expiry time, and trustability. Besides, we design an ElGamal encryption-based scheme for securely outsourcing and comparing workers’ personal information without revealing their privacy. Detailed security analysis shows that the workers’ sensitive information, e.g., working experience and trustability, are not revealed to any authorized parties during the process of MCS under our security model. Furthermore, extensive experiments on both real-world and simulated data sets demonstrate that our proposed scheme outperforms the baseline method in two application scenarios, i.e., 1) continuous worker arrival and 2) continuous worker departure.

Published

2021

42. SUPnP: Secure Access and Service Registration for UPnP-Enabled Internet of Things

Author

Golam Kayas, S. M. Riazul Islam, Jamie Payton, and Mahmud Hossain

Subjects

Service (systems architecture), Computer Networks and Communications, Computer science, business.industry, Access method, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Computer security model, Computer Science Applications, Protocol stack, Hardware and Architecture, Signal Processing, Universal Plug and Play, Overhead (computing), business, Protocol (object-oriented programming), Information Systems, Buffer overflow, Computer network

Abstract

The service-oriented nature of the Universal Plug-and-Play (UPnP) protocol supports the creation of flexible, open, and dynamic systems. As such, it is widely used in Internet-of-Things (IoT) deployments. However, the protocol’s service access mechanism does not consider security from the first principles and is therefore vulnerable to various attacks. In this article, we present an in-depth analysis of the service advertisement, discovery, and access methods of the UPnP protocol stack and identify security issues in an IoT network. Our analysis shows that adversaries can perform resource exhaustion, buffer overflow, reflection, and amplification attacks by exploiting the vulnerabilities of the UPnP protocol. To address these issues, we propose a capability-based security model for UPnP to ensure secure discovery, advertisement, and access of the UPnP services that considers the resource limitations of IoT devices. Our analysis shows the effectiveness of the proposed model against potential attacks, and our experimental evaluation highlights the feasibility of implementing our Secure UPnP (SUPnP) protocol in a network of IoT devices, incurring minimal network and performance overhead.

Published

2021

43. Eficacia y eficiencia de la seguridad de las redes LAN. Cantón Pasaje

Author

Cristian Rafael Benítez Flores, Diana María Granda Ayabaca, Nelly Victoria Ley Leyva, and Verónica Jacqueline Guamán Gómez

Subjects

Firewall (construction), Standardization, business.industry, Control (management), Denial-of-service attack, The Internet, Business, Descriptive research, Computer security model, Service provider, Computer security, computer.software_genre, computer

Abstract

Con el objetivo de analizar la efectividad y eficacia de la seguridad de las redes LAN brindadas por las empresas proveedoras de los servicios de internet del Cantón de Pasaje se desarrolló un estudio descriptivo sistematizado mediante los métodos de revisión bibliográfica, analítico-sintético, estadístico y triangulación de datos, así como por la técnica de encuesta. El instrumento de recogida de la información se aplicó a 18 directivos de empresas proveedoras de los servicios y a 1000 funcionarios de las entidades usuarias. Los principales resultados señalan que se cumple con las normas estatales establecidas, para lo cual se implementan los protocolos de la Agencia de Regulación y Control de Telecomunicaciones con el empleo del firewall de Mikrotik; los ataques a las LAN se producen con una frecuencia e impactos negativos medios, con un tiempo de recuperación entre 30 y 60 minutos, siendo el más recurrente el DDoS. Las empresas proveedoras no utilizan modelos de seguridad profunda más confiables como el de la Organización Internacional para Normalización. Se concluye que los sistemas de seguridad de las redes LAN utilizados en el Cantón Pasaje no son plenamente eficientes y eficaces.

Published

2021

44. Analysis of formal models for access control and specific features of their applicability to databases

Author

V.V. Vilihura

Subjects

Correctness, Database, business.industry, Computer science, Process (engineering), Access control, General Medicine, Information security, Computer security model, computer.software_genre, Factor (programming language), Information system, business, Formal verification, computer, computer.programming_language

Abstract

An integral part of any project to create or assess the security of information systems and databases is the presence of a security model. The paper considers the main positions of the most common security models based on controlling the access of subjects to objects. The analysis of formal models for access control has revealed that each of them, having certain advantages and disadvantages, has the right to be used. The decisive factor in making a decision is an assessment of a specific situation, which will allow one to make the right choice. In this regard, the paper notes that security models based on discretionary policies are advisable to be applied when conducting formal verification of the correctness of building access control systems in well-protected information systems and databases. However, it is emphasized that these models have certain drawbacks that limit their use. The paper states that despite the fact that security models based on the mandatory access policy play a significant role in information security theory and their provisions have been introduced as mandatory requirements for systems that process secret information, as well as in the standards of secure systems, a number of problems may arise in the practical implementation of these models. Among these problems there are the problems associated with overestimating the security level, blind recordings, performing operations that do not fit into the framework of the model by privileged subjects. The paper also concludes that the use of security models based on role-based policy allows one to implement access control rules dynamically changing during the operation of information systems and databases, the effectiveness of which is especially noticeable when organizing access to the resources of systems with a large number of users and objects.

Published

2021

45. Basic principles and results of comparison of electronic signatures properties of the postquantum period based on algebraic lattices

Author

O. G. Kachko, O.V. Potii, Ivan Gorbenko, I.V. Stelnyk, Yu.I. Gorbenko, A.M. Oleksiychuk, M. V. Yesina, and V. A. Ponomar

Subjects

Post-quantum cryptography, Development (topology), Operations research, Standardization, Computer science, Stability (learning theory), NIST, General Medicine, Computer security model, Algebraic number, Electronic signature

Abstract

The paper considers post-quantum projects of the Falcon and Dilithium electronic signature standards (ES), which are finalists of the NIST USA competition. The mathematical apparatus of algebraic lattices and appropriate methods are used in their construction. In further study and comparison of these post-quantum ES draft standards, both from a theoretical and practical standpoint, it is fundamental to substantiate the requirements for parameters and keys and in general to calculate the main indicators according to the accepted conditional and unconditional criteria. In such studies, it is important to determine the sufficiency of ensuring the guarantee of their security against classical, quantum, special and error-based attacks. This can be ensured, inter alia, through a reasonable choice of the sizes of common parameters and keys, and their practical construction in accordance with the adopted security model. However, when choosing the sizes of common parameters and keys, a significant contradiction arises between the properties of the draft of the Falcon and Dilithium ES standards, So increasing the size of the general parameters and keys leads to an increase in the complexity of transformations, and vice versa. The purpose of this article consists in analysis of problematic issues of choosing the size of parameter and keys for post-quantum ES projects based on mathematical methods of Falcon and Dilithium, and features of their implementation, including implementation according to the adopted security model. Comparative analysis of the stability and complexity of the Falcon and Dilithium ES draft standards depending on the size of the parameters and keys, including for 6 and 7 security levels. Development of proposals for decisions on the adoption of national post-quantum ES standards based on the mathematical methods Falcon and Dilithium. Determining the influence of unconditional, conditional and pragmatic criteria on the advantages when deciding on the ES standardization based on Falcon and Dilithium mathematical methods, including taking into account the availability of patents and the need to obtain licenses, etc.

Published

2021

46. Quantitative Analysis of Opacity in Cloud Computing Systems

Author

Wen Zeng and Maciej Koutny

Subjects

Computer Networks and Communications, Computer science, Reliability (computer networking), Distributed computing, Cloud computing, 02 engineering and technology, Security policy, security policy, 0202 electrical engineering, electronic engineering, information engineering, Information flow (information theory), federated cloud computing, 020203 distributed computing, information flow, business.industry, Probabilistic logic, opacity, Computer security model, internet of things, Computer Science Applications, Quantitative analysis (finance), Hardware and Architecture, Resource allocation, 020201 artificial intelligence & image processing, business, Software, Information Systems

Abstract

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Federated cloud systems increase the reliability and reduce the cost of the computational support. The resulting combination of secure private clouds and less secure public clouds, together with the fact that resources need to be located within different clouds, strongly affects the information flow security of the entire system. In this paper, the clouds as well as entities of a federated cloud system are assigned security levels, and a probabilistic flow sensitive security model for a federated cloud system is proposed. Then the notion of opacity --- a notion capturing the security of information flow --- of a cloud computing systems is introduced, and different variants of quantitative analysis of opacity are presented. As a result, one can track the information flow in a cloud system, and analyze the impact of different resource allocation strategies by quantifying the corresponding opacity characteristics.

Published

2021

47. Fully Accountable Data Sharing for Pay-as-You-Go Cloud Scenes

Author

Yongbin Zhou, Ti Wang, Zishuai Song, Hui Ma, and Rui Zhang

Subjects

business.industry, Computer science, Access control, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, Computer security model, Computer security, computer.software_genre, Encryption, Outsourcing, Data modeling, Data sharing, Attribute-based encryption, Electrical and Electronic Engineering, business, computer

Abstract

Many enterprises and individuals prefer to outsource data to public cloud via various pricing approaches. One of the most widely-used approaches is the pay-as-you-go model, where the data owner hires public cloud to share data with data consumers, and only pays for the actually consumed services. To realize controllable and secure data sharing, ciphertext-policy attribute-based encryption (CP-ABE) is a suitable solution, which can provide fine-grained access control and encryption functionalities simultaneously. But there are some serious challenges when applying CP-ABE in pay-as-you-go. First, the decryption cost in ABE is too heavy for data consumers. Second, ABE ciphertexts probably suffer distributed denial of services (DDoS) attacks, but there is no solution that can eliminate the security risk. At last, the data owner should audit resource consumption to guarantee the transparency of charge, while the existing method is inefficient. In this work, we propose a general construction named fully accountable ABE (FA-ABE), which simultaneously solves all the challenges by supporting all-sided accountability in the pay-as-you-go model. We formally define the security model and prove the security in the standard model. Also, we implement an instantiate construction with the self-developed library $\mathsf{ libabe}$ libabe . The experiment results indicate the efficiency and practicality of our construction.

Published

2021

48. Survey of CPU Cache-Based Side-Channel Attacks: Systematic Analysis, Security Models, and Countermeasures

Author

Chao Su and Qingkai Zeng

Subjects

Science (General), Computer Networks and Communications, Computer science, CPU cache, 0211 other engineering and technologies, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Q1-390, T1-995, Side channel attack, Technology (General), Vulnerability (computing), 021110 strategic, defence & security studies, business.industry, Information security, Attack surface, Computer security model, 010201 computation theory & mathematics, Cache, business, computer, Information Systems

Abstract

Privacy protection is an essential part of information security. The use of shared resources demands more privacy and security protection, especially in cloud computing environments. Side-channel attacks based on CPU cache utilize shared CPU caches within the same physical device to compromise the system’s privacy (encryption keys, program status, etc.). Information is leaked through channels that are not intended to transmit information, jeopardizing system security. These attacks have the characteristics of both high concealment and high risk. Despite the improvement in architecture, which makes it more difficult to launch system intrusion and privacy leakage through traditional methods, side-channel attacks ignore those defenses because of the shared hardware. Difficult to be detected, they are much more dangerous in modern computer systems. Although some researchers focus on the survey of side-channel attacks, their study is limited to cryptographic modules such as Elliptic Curve Cryptosystems. All the discussions are based on real-world applications (e.g., Curve25519), and there is no systematic analysis for the related attack and security model. Firstly, this paper compares different types of cache-based side-channel attacks. Based on the comparison, a security model is proposed. The model describes the attacks from four key aspects, namely, vulnerability, cache type, pattern, and range. Through reviewing the corresponding defense methods, it reveals from which perspective defense strategies are effective for side-channel attacks. Finally, the challenges and research trends of CPU cache-based side-channel attacks in both attacking and defending are explored. The systematic analysis of CPU cache-based side-channel attacks highlights the fact that these attacks are more dangerous than expected. We believe our survey would draw developers’ attention to side-channel attacks and help to reduce the attack surface in the future.

Published

2021

49. Security-Aware Dynamic Scheduling for Real-Time Optimization in Cloud-Based Industrial Applications

Author

Shunmei Meng, Shaohua Wan, Weijia Huang, Qianmu Li, Xiaochun Yin, Lianyong Qi, and Mohammad Reza Khosravi

Subjects

Job shop scheduling, Computer science, business.industry, Distributed computing, Scheduling (production processes), Cloud computing, Dynamic priority scheduling, Industrial control system, Computer security model, Computer Science Applications, Scheduling (computing), Resource (project management), Control and Systems Engineering, Scalability, Resource allocation, Electrical and Electronic Engineering, business, Information Systems

Abstract

Nowadays, large number of cloud-based techniques have been used in industrial control systems (ICS), which also brings many security threats. The emergence of security-aware industrial control has paved the way of security-aware scheduling in cloud-based industrial applications. Actually, most cloud-based industrial applications are time sensitive, which need real-time processing. Edge cloud computing paradigm extends the computing ability of traditional cloud model with low-latency local resources. Thus, heterogeneous clouds that consist of both centralized resources and edge resources may be a promising resource model to provide both scalable and low-latency resources for cloud-based industrial applications. In view of these challenges, in this article, we propose a security-aware dynamic scheduling method for real-time resource allocation in ICS. First, a three-level security model is designed for both tasks and cloud resources in ICS, and a two-tier heterogeneous cloud architecture is introduced. Accordingly, a security-aware scheduling method based on distributed particle swarm optimization is presented for resource allocation with security concerns. To deal with the dynamics of edge resources and the mobility of mobile industrial applications, a dynamic scheduling mechanism based on dynamic workflow model is proposed for real-time optimization. Experimental results validate that the scheduling control policy proposed in this article can achieve a good balance between scheduling performance and security performance.

Published

2021

50. Intelligent Internet of Things System for Smart Home Optimal Convection

Author

Zongwen Bai, Andrzej Sikora, Marcin Wozniak, Qiao Ke, Wei Wei, and Adam Zielonka

Subjects

Consumption (economics), Convection, Computer science, business.industry, 020208 electrical & electronic engineering, Real-time computing, Control (management), Computational intelligence, 02 engineering and technology, Computer security model, Computer Science Applications, law.invention, Control and Systems Engineering, Home automation, law, Control system, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, Remote control, Information Systems

Abstract

The fusion of Internet of Things (IoTs) and computational intelligence makes it possible to increase energetic efficiency of our homes. Connected devices can be optimally adjusted to the needs of a family. In this article, we present our developed IoT convection installation for a small house with the developed remote platform control system. The control module is gartering readings from sensors and information from users about conditions in the house and, by the use of computational intelligence, optimizes parameters to adjust the developed IoT convection system for better comfort of a family. We have done a full convection installation, both in practical and theoretical models, together with remote control system and the proposed security model. Optimization results show increased comfort of use with lower changes in the temperature inside. The system after optimization shows significant improvement in lower changes of the temperature and lower consumption.

Published

2021