Fog based Secure Framework for Personal Health Records Systems

The rapid development of personal health records (PHR) systems enables an individual to collect, create, store and share his PHR to authorized entities. Health care systems within the smart city environment require a patient to share his PRH data with a multitude of institutions' repositories located in the cloud. The cloud computing paradigm cannot meet such a massive transformative healthcare systems due to drawbacks including network latency, scalability and bandwidth. Fog computing relieves the burden of conventional cloud computing by availing intermediate fog nodes between the end users and the remote servers. Aiming at a massive demand of PHR data within a ubiquitous smart city, we propose a secure and fog assisted framework for PHR systems to address security, access control and privacy concerns. Built under a fog-based architecture, the proposed framework makes use of efficient key exchange protocol coupled with ciphertext attribute based encryption (CP-ABE) to guarantee confidentiality and fine-grained access control within the system respectively. We also make use of digital signature combined with CP-ABE to ensure the system authentication and users privacy. We provide the analysis of the proposed framework in terms of security and performance.Comment: 12 pages (CMC Journal, Tech Science Press

SHT-based public auditing protocol with error tolerance in FDL-empowered IoVs

Peer reviewe

Attribute Based Pseudonyms : Anonymous and Linkable Scoped Credentials

Attribute-based credentials (ABCs) provide an efficient way to transfer custody of personal and private data to the final user, while minimizing the risk of sensitive data revelation and thus granting anonymity. Nevertheless, this method cannot detect whether one attribute has been used more than once without compromising anonymity when the emitter and consumer collude with one another. The protocol proposed in this article deals with this issue by using a modification of ZSS pairing-based short signatures over elliptic curves and Verheul's self-blinded credentials scheme. Each user can generate an identifier (pseudonym) that is unique and verifiable by everyone in a given scope, without compromising anonymity. However, the identifier cannot be reused in the same scope, since such reuse would be detected

A Call Graph Reduction based Novel Storage Allocation Scheme for Smart City Applications

Today s world is going to be smart even smarter day by day Smart cities play an important role to make the world smart Thousands of smart city applications are developing in every day Every second very huge amount of data is generated The data need to be managed and stored properly so that information can be extracted using various emerging technologies The main aim of this paper is to propose a storage scheme for data generated by smart city applications A matrix is used which store the information of each adjacency node of each level as well as the weight and frequency of call graph It has been experimentally depicted that the applied algorithm reduces the size of the call graph without changing the basic structure without any loss of information Once the graph is generated from the source code it is stored in the matrix and reduced appropriately using the proposed algorithm The proposed algorithm is also compared to another call graph reduction techniques and it has been experimentally evaluated that the proposed algorithm significantly reduces the graph and store the smart city application data efficientl

Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework

YesThe complex and interdependent nature of smart cities raises significant political, technical, and socioeconomic challenges for designers, integrators and organisations involved in administrating these new entities. An increasing number of studies focus on the security, privacy and risks within smart cities, highlighting the threats relating to information security and challenges for smart city infrastructure in the management and processing of personal data. This study analyses many of these challenges, offers a valuable synthesis of the relevant key literature, and develops a smart city interaction framework. The study is organised around a number of key themes within smart cities research: privacy and security of mobile devices and services; smart city infrastructure, power systems, healthcare, frameworks, algorithms and protocols to improve security and privacy, operational threats for smart cities, use and adoption of smart services by citizens, use of blockchain and use of social media. This comprehensive review provides a useful perspective on many of the key issues and offers key direction for future studies. The findings of this study can provide an informative research framework and reference point for academics and practitioners

Efficient and Secure Data Sharing Using Attribute-based Cryptography

La crescita incontrollata di dati prodotti da molte sorgenti, eterogenee e di- namiche, spinge molti possessori di tali dati a immagazzinarli su server nel cloud, anche al fine di condividerli con terze parti. La condivisione di dati su server (possibilmente) non fidati fonte di importanti e non banali questioni riguardanti sicurezza, privacy, confidenzialit e controllo degli accessi. Al fine di prevenire accessi incontrollati ai dati, una tipica soluzione consiste nel cifrare i dati stessi. Seguendo tale strada, la progettazione e la realizzazione di politiche di accesso ai dati cifrati da parte di terze parti (che possono avere differenti diritti sui dati stessi) un compito complesso, che impone la presenza di un controllore fidato delle politiche. Una possibile soluzione l\u2019impiego di un meccanismo per il controllo degli accessi basato su schemi di cifratura attribute-base (ABE ), che permette al possessore dei dati di cifrare i dati in funzione delle politiche di accesso dei dati stessi. Di contro, l\u2019adozione di tali meccanismi di controllo degli accessi presentano due problemi (i) privacy debole: le politiche di accesso sono pubbliche e (ii) inefficienza: le politiche di accesso sono statiche e una loro modifica richiede la ricifratura (o la cifratura multipla) di tutti i dati. Al fine di porre rimedio a tali problemi, il lavoro proposto in questa tesi prende in con- siderazione un particolare schema di cifratura attribute-based, chiamato inner product encryption (IPE, che gode della propriet attribute-hiding e pertanto riesce a proteggere la privatezza delle politiche di accesso) e lo combina con le tecniche di proxy re-encryption, che introducono una maggiore flessibilit ed efficienza. La prima parte di questa tesi discute l\u2019adeguatezza dell\u2019introduzione di un meccanismo di controllo degli accessi fondato su schema basato su inner product e proxy re-encryption (IPPRE ) al fine di garantire la condivisione sicura di dati immagazzinati su cloud server non fidati. Pi specificamente, proponiamo due proponiamo due versioni di IPE : in prima istanza, presentiamo una versione es- tesa con proxy re-encryption di un noto schema basato su inner product [1]. In seguito, usiamo tale schema in uno scenario in cui vengono raccolti e gestiti dati medici. In tale scenario, una volta che i dati sono stati raccolti, le politiche di ac- cesso possono variare al variare delle necessit dei diversi staff medici. Lo schema proposto delega il compito della ricifratura dei dati a un server proxy parzial- mente fidato, che pu trasformare la cifratura dei dati (che dipende da una polit- ica di accesso) in un\u2019altra cifratura (che dipende da un\u2019altra politica di accesso) senza per questo avere accesso ai dati in chiaro o alla chiave segreta utilizzata dal possessore dei dati. In tal modo, il possessore di una chiave di decifratura corrispondente alla seconda politica di accesso pu accedere ai dati senza intera- gire con il possessore dei dati (richiedendo cio una chiave di decifratura associata alla propria politica di accesso). Presentiamo un\u2019analisi relativa alle prestazioni di tale schema implementato su curve ellittiche appartenenti alle classi SS, MNT e BN e otteniamo incoraggianti risultati sperimentali. Dimostriamo inoltre che lo schema proposto sicuro contro attacchi chosen plaintext sotto la nota ipotesi DLIN. In seconda istanza, presentiamo una versione ottimizzata dello schema proposto in precedenza (E-IPPRE ), basata su un ben noto schema basato suinner product, proposto da Kim [2]. Lo schema E-IPPRE proposto richiede un numero costante di operazioni di calcolo di pairing e ci garantisce che gli oggetti prodotti dall esecuzione dello schema (chiavi di decifratura, chiavi pubbliche e le cifrature stesse) sono di piccole rispetto ai parametri di sicurezza e sono efficientemente calcolabili. Testiamo sperimentalmente l\u2019efficienza dello schema proposto e lo proviamo (selettivamente nei confronti degli attributi) sicuro nei confronti di attacchi chosen plaintext sotto la nota ipotesi BDH. In altri termini, lo schema proposto non rivela alcuna informazione riguardante le politiche di accesso. La seconda parte di questa tesi presenta uno schema crittografico per la condivisione sicura dei dati basato su crittografia attribute-based e adatto per scenari basati su IoT. Come noto, il problema principale in tale ambito riguarda le limitate risorse computazionali dei device IoT coinvolti. A tal proposito, proponiamo uno schema che combina la flessibilit di E-IPPRE con l\u2019efficienza di uno schema di cifratura simmetrico quale AES, ottenendo uno schema di cifratura basato su inner product, proxy-based leggero (L-IPPRE ). I risultati sperimentali confermano l\u2019adeguatezza di tale schema in scenari IoT.Riferimenti [1] Jong Hwan Park. Inner-product encryption under standard assumptions. Des. Codes Cryptography, 58(3):235\u2013257, March 2011. [2] Intae Kim, Seong Oun Hwang, Jong Hwan Park, and Chanil Park. An effi- cient predicate encryption with constant pairing computations and minimum costs. IEEE Trans. Comput., 65(10):2947\u20132958, October 2016.With the ever-growing production of data coming from multiple, scattered, and highly dynamical sources, many providers are motivated to upload their data to the cloud servers and share them with other persons for different purposes. However, storing data on untrusted cloud servers imposes serious concerns in terms of security, privacy, data confidentiality, and access control. In order to prevent privacy and security breaches, it is vital that data is encrypted first before it is outsourced to the cloud. However, designing access control mod- els that enable different users to have various access rights to the shared data is the main challenge. To tackle this issue, a possible solution is to employ a cryptographic-based data access control mechanism such as attribute-based encryption (ABE ) scheme, which enables a data owner to take full control over data access. However, access control mechanisms based on ABE raise two chal- lenges: (i) weak privacy: they do not conceal the attributes associated with the ciphertexts, and therefore they do not satisfy attribute-hiding security, and (ii) inefficiency: they do not support efficient access policy change when data is required to be shared among multiple users with different access policies. To address these issues, this thesis studies and enhances inner-product encryption (IPE ), a type of public-key cryptosystem, which supports the attribute-hiding property as well as the flexible fine-grained access control based payload-hiding property, and combines it with an advanced cryptographic technique known as proxy re-encryption (PRE ). The first part of this thesis discusses the necessity of applying the inner- product proxy re-encryption (IPPRE ) scheme to guarantee secure data sharing on untrusted cloud servers. More specifically, we propose two extended schemes of IPE : in the first extended scheme, we propose an inner-product proxy re- encryption (IPPRE ) protocol derived from a well-known inner-product encryp- tion scheme [1]. We deploy this technique in the healthcare scenario where data, collected by medical devices according to some access policy, has to be changed afterwards for sharing with other medical staffs. The proposed scheme delegates the re-encryption capability to a semi-trusted proxy who can transform a dele- gator\u2019s ciphertext associated with an attribute vector to a new ciphertext associ- ated with delegatee\u2019s attribute vector set, without knowing the underlying data and private key. Our proposed policy updating scheme enables the delegatee to decrypt the shared data with its own key without requesting a new decryption key. We analyze the proposed protocol in terms of its performance on three dif- ferent types of elliptic curves such as the SS curve, the MNT curve, and the BN curve, respectively. Hereby, we achieve some encouraging experimental results. We show that our scheme is adaptive attribute-secure against chosen-plaintext under standard Decisional Linear (D-Linear ) assumption. To improve the per- formance of this scheme in terms of storage, communication, and computation costs, we propose an efficient inner-product proxy re-encryption (E-IPPRE ) scheme using the transformation of Kim\u2019s inner-product encryption method [2]. The proposed E-IPPRE scheme requires constant pairing operations for its al- gorithms and ensures a short size of the public key, private key, and ciphertext,making it the most efficient and practical compared to state of the art schemes in terms of computation and communication overhead. We experimentally as- sess the efficiency of our protocol and show that it is selective attribute-secure against chosen-plaintext attacks in the standard model under Asymmetric De- cisional Bilinear Diffie-Hellman assumption. Specifically, our proposed schemes do not reveal any information about the data owner\u2019s access policy to not only the untrusted servers (e.g, cloud and proxy) but also to the other users. The second part of this thesis presents a new lightweight secure data sharing scheme based on attribute-based cryptography for a specific IoT -based health- care application. To achieve secure data sharing on IoT devices while preserving data confidentiality, the IoT devices encrypt data before it is outsourced to the cloud and authorized users, who have corresponding decryption keys, can ac- cess the data. The main challenge, in this case, is on the one hand that IoT devices are resource-constrained in terms of energy, CPU, and memory. On the other hand, the existing public-key encryption mechanisms (e.g., ABE ) require expensive computation. We address this issue by combining the flexibility and expressiveness of the proposed E-IPPRE scheme with the efficiency of symmet- ric key encryption technique (AES ) and propose a light inner-product proxy re-encryption (L-IPPRE ) scheme to guarantee secure data sharing between dif- ferent entities in the IoT environment. The experimental results confirm that the proposed L-IPPRE scheme is suitable for resource-constrained IoT scenar- ios.References [1] Jong Hwan Park. Inner-product encryption under standard assumptions. Des. Codes Cryptography, 58(3):235\u2013257, March 2011. [2] Intae Kim, Seong Oun Hwang, Jong Hwan Park, and Chanil Park. An effi- cient predicate encryption with constant pairing computations and minimum costs. IEEE Trans. Comput., 65(10):2947\u20132958, October 2016

Quality of service in cloud computing: Data model; resource allocation; and data availability and security

Philosophiae Doctor - PhDRecently, massive migration of enterprise applications to the cloud has been recorded in the Information Technology (IT) world. The number of cloud providers offering their services and the number of cloud customers interested in using such services is rapidly increasing. However, one of the challenges of cloud computing is Quality-of-Service management which denotes the level of performance, reliability, and availability offered by cloud service providers. Quality-of-Service is fundamental to cloud service providers who find the right tradeoff between Quality-of-Service levels and operational cost. In order to find out the optimal tradeoff, cloud service providers need to comply with service level agreements contracts which define an agreement between cloud service providers and cloud customers. Service level agreements are expressed in terms of quality of service (QoS) parameters such as availability, scalability performance and the service cost. On the other hand, if the cloud service provider violates the service level agreement contract, the cloud customer can file for damages and claims some penalties that can result in revenue losses, and probably detriment to the provider’s reputation. Thus, the goal of any cloud service provider is to meet the Service level agreements, while reducing the total cost of offering its services

Post-Quantum Secure Identity-Based Encryption Scheme Using Random Integer Lattices for IoT-Enabled AI Applications

Identity-based encryption is an important cryptographic system that is employed to ensure confidentiality of a message in communication. This article presents a provably secure identity based encryption based on post quantum security assumption. The security of the proposed encryption is based on the hard problem, namely Learning with Errors on integer lattices. This construction is anonymous and produces pseudo random ciphers. Both public-key size and ciphertext-size have been reduced in the proposed encryption as compared to those for other relevant schemes without compromising the security. Next, we incorporate the constructed identity based encryption (IBE) for Internet of Things (IoT) applications, where the IoT smart devices send securely the sensing data to their nearby gateway nodes(s) with the help of IBE and the gateway node(s) secure aggregate the data from the smart devices by decrypting the messages using the proposed IBE decryption. Later, the gateway nodes will securely send the aggregated data to the cloud server(s) and the Big data analytics is performed on the authenticated data using the Artificial Intelligence (AI)/Machine Learning (ML) algorithms for accurate and better predictions

Best of Two Worlds: Efficient, Usable and Auditable Biometric ABC on the Blockchain

In [1], two generic constructions for biometric-based non-transferable Attribute Based Credentials (biometric ABC) are presented, which offer different trade-offs between efficiency and trust assumptions. In this paper, we focus on the second scheme denoted as BioABC-ZK that tries to remove the strong (and unrealistic) trust assumption on the Reader R, and show that BioABC-ZK has a security flaw for a colluding R and Verifier V. Besides, BioABC-ZK lacks GDPR-compliance, which requires secure processing of biometrics, for instance in form of Fuzzy Extractors, as opposed to (i) storing the reference biometric template aBio in the user\u27s mobile phone and (ii) processing of biometrics using an external untrusted R, whose foreign manufacturers are unlikely to adjust their products according to GDPR. The contributions of this paper are threefold. First, we review efficient biometric ABC schemes to identify the privacy-by-design criteria for them. In view of these principles, we propose a new architecture for biometric ABC of [2] by adapting the recently introduced core/helper setting of [3]. Briefly, a user in our modified setting is composed of a constrained core device (a SIM card) inside a helper device (a smart phone with dual SIM and face recognition feature), which -as opposed to [1]- does not need to store aBio. This way, the new design provides Identity Privacy without the need for an external R and/or a dedicated hardware per user such as a biometric smart card reader or a tamper proof smart card as in current hardware-bound credential systems. Besides, the new system maintains minimal hardware requirements on the SIM card -only responsible for storing ABC and helper data-, which results in easy adoption and usability without loosing efficiency, if recently introduced key derivation scheme of [4] and the modified ABC scheme of [2] are employed together. As a result, a total overhead of 500 milliseconds to a showing of a comparable non-biometric ABC is obtained instead of the 2.1 seconds in [1] apart from the removal of computationally expensive pairings. Finally, as different from [1], auditing is achieved via Blockchain instead of proving in zero-knowledge the actual biometric matching by the user to reveal malicious behavior of R and V

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue