26 research outputs found

    A Secure Quorum Based Multi-Tag RFID System

    Radio Frequency Identification (RFID) technology has been expanded to be used in different fields that need automatic identifying and verifying of tagged objects without human intervention. RFID technology offers a great advantage in comparison with barcodes by providing accurate information, ease of use and reduced labour cost. These advantages have been utilised by using passive RFID tags. Although RFID technology can enhance the efficiency of different RFID application systems, researchers have reported issues regarding the use of RFID technology. These issues make the technology vulnerable to many threats in terms of security and privacy. Different RFID solutions, based on different cryptographic primitives, have been developed. Most of these protocols focus on the use of passive RFID tags. However, due to the computation feasibility in passive RFID tags, these tags might be vulnerable to some of the security and privacy threats, e.g. an unauthorised reader can read the information inside tags, and illegitimate or cloned tags can be accessed by a reader. Moreover, most researchers focus on single-tag authentication and mostly do not consider scenarios that need multiple tags, such as supply chain management and healthcare management. Secret sharing schemes have also been proposed to overcome the key management problem in supply chain management. However, secret sharing schemes have some scalability limitations when applied with high numbers of RFID tags. This work is mainly focused on solving the problem of security and privacy in multi-tag RFID-based systems. In this work, firstly, we studied different RFID protocols such as symmetric key authentication protocols, authentication protocols based on elliptic curve cryptography, secret sharing schemes and multi-tag authentication protocols. Secondly, we consider the significant research into the mutual authentication of passive RFID tags.
Therefore, a mutual authentication scheme that is based on zero-knowledge proof has been proposed. The main objective of this work is to develop an ECC-RFID based system that enables multiple RFID tags to be authenticated with one reader by using different versions of ECC public key encryption schemes. The protocols rely on threshold cryptosystems that use ECC to generate secret keys, then distribute and store the secret keys among multiple RFID tags. Finally, we provide performance measurements for the implementation of the proposed protocols. Ministry of higher education and scientific research, Baghdad-Iraq

    Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges

    Open access article. This paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture.

    Efficient Location Privacy In Mobile Applications

    Location awareness is an essential part of today's mobile devices. It is a well-established technology that offers significant benefits to mobile users. While location awareness has triggered the exponential growth of mobile computing, it has also introduced new privacy threats due to frequent location disclosures. Movement patterns could be used to identify individuals and also leak sensitive information about them, such as health condition, lifestyle, political/religious affiliations, etc. In this dissertation we address location privacy in the context of mobile applications. First we look into location privacy in the context of Dynamic Spectrum Access (DSA) technology. DSA is a promising framework for mitigating the spectrum shortage caused by fixed spectrum allocation policies. In particular, DSA allows license-exempt users to access the licensed spectrum bands when not in use by their respective owners. Here, we focus on the database-driven DSA model, where mobile users issue location-based queries to a white-space database in order to identify idle channels in their area. We present a number of efficient protocols that allow users to retrieve channel availability information from the white-space database while maintaining their location secret. In the second part of the dissertation we look into location privacy in the context of location-aware mobile advertising. Location-aware mobile advertising is expanding very rapidly and is forecast to grow much faster than any other industry in the digital era. Unfortunately, with the rise and expansion of online behavioral advertising, consumers have grown very skeptical of the vast amount of data that is extracted and mined from advertisers today. As a result, the consensus has shifted towards stricter privacy requirements. 
Clearly, there exists an innate conflict between privacy and advertisement, yet existing advertising practices rely heavily on non-disclosure agreements and policy enforcement rather than computational privacy guarantees. In the second half of this dissertation, we present a novel privacy-preserving location-aware mobile advertisement framework that is built with privacy in mind from the ground up. The framework consists of several methods which ease the tension that exists between privacy and advertising by guaranteeing, through cryptographic constructions, that (i) mobile users receive advertisements relative to their location and interests in a privacy-preserving manner, and (ii) the advertisement network can only compute aggregate statistics of ad impressions and click-through-rates. Through extensive experimentation, we show that our methods are efficient in terms of both computational and communication cost, especially at the client side

    Sensor-based ICT Systems for Smart Societies

    The abstract is in the attachment.

    Security and Privacy in Molecular Communication and Networking: Opportunities and Challenges

    International audience. Molecular Communication (MC) is an emerging and promising communication paradigm for several multi-disciplinary domains like bio-medical, industry and military. Differently to the traditional communication paradigm, the information is encoded on the molecules, that are then used as carriers of information. Novel approaches related to this new communication paradigm have been proposed, mainly focusing on architectural aspects and categorization of potential applications. So far, security and privacy aspects related to the molecular communication systems have not been investigated at all and represent an open question that needs to be addressed. The main motivation of this paper lies in providing some first insights about security and privacy aspects of MC systems, by highlighting the open issues and challenges and above all by outlining some specific directions of potential solutions. Existing cryptographic methods and security approaches are not suitable for MC systems since they do not consider the specific issues and challenges, that need ad-hoc solutions. We will discuss directions in terms of potential solutions by trying to highlight the main advantages and potential drawbacks for each direction considered. We will try to answer the main questions: 1) why can this solution be exploited in the MC field to safeguard the system and its reliability? 2) which are the main issues related to the specific approach?

    Confidentiality-Preserving Publish/Subscribe: A Survey

    Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments lead to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field

    Advances in cryptographic voting systems

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006. Includes bibliographical references (p. 241-254). Democracy depends on the proper administration of popular elections. Voters should receive assurance that their intent was correctly captured and that all eligible votes were correctly tallied. The election system as a whole should ensure that voter coercion is unlikely, even when voters are willing to be influenced. These conflicting requirements present a significant challenge: how can voters receive enough assurance to trust the election result, but not so much that they can prove to a potential coercer how they voted? This dissertation explores cryptographic techniques for implementing verifiable, secret-ballot elections. We present the power of cryptographic voting, in particular its ability to successfully achieve both verifiability and ballot secrecy, a combination that cannot be achieved by other means. We review a large portion of the literature on cryptographic voting. We propose three novel technical ideas: 1. a simple and inexpensive paper-based cryptographic voting system with some interesting advantages over existing techniques, 2. a theoretical model of incoercibility for human voters with their inherent limited computational ability, and a new ballot casting system that fits the new definition, and 3. a new theoretical construct for shuffling encrypted votes in full view of public observers. By Ben Adida. Ph.D.

    Security of Wireless Sensor Networks in the Presence of Captured Nodes

    Wireless sensor networks (WSNs) pose unique security challenges due to the fact that their nodes operate in an unattended manner in potentially hostile environments. A particularly difficult problem not addressed to date is the handling of node capture by an adversary. A key goal for solving this problem is that of limiting the damage caused by captured nodes. This is important since node capture cannot be prevented: by definition, there is no practical physical mechanism that could keep an adversary from physically accessing a sensor node discovered in an unattended area. Hence, the presence of the adversary within a WSN must be detected, and of course, the earlier the better. Adversary detection is predicated on the fact that access to a captured node's internal state, which includes secrets such as cryptographic keys, incurs a nonzero time delay. This suggests that adversary detection be divided into two phases: (i) in-capture detection, namely detection before the adversary completes the capture process and gets a chance to access a node's internal state and do any network damage, and (ii) post-capture detection, namely detection after the adversary already accessed and possibly used a node's internal state and secrets. Since the adversary is already active in the network in the latter case, it is important to determine the overall network resiliency; i.e., the ability of the network to operate in the presence of an active adversary. In this work we focus on the former case in which we try to identify the presence of the adversary prior to completion of a node capture. To address the problem of in-capture adversary detection, we propose two probabilistic schemes called the pairwise pinging scheme and quorum pinging scheme, whereby the network continuously monitors itself in a distributed and self-organizing manner. 
We investigate the trade-offs between the network cost-performance and security of these schemes via a Markov Chain model, and present analytical solutions which allow us to choose appropriate performance parameters, such as the expected residual time-to-false-alarm, and security, such as the probability of a missed detection. We show that the quorum pinging is superior to pairwise pinging in terms of both cost-performance and security. Furthermore, we will show that both schemes are scalable with network size and their complexities are linearly proportional to the average node degree of the network. We also analyze the optimum strategy for an adversary to deploy its agents over a sensor network; i.e., the strategy that enables the adversary to achieve the maximum capture ratio with fixed number of agents. The order of node capture, distribution, and location of agents are investigated and an analytical model is provided that describes the optimum path for deploying of agents to target nodes. Numerical data are presented to compare different scenarios for deploying agents and the corresponding performance of each deployment strategy. The proposed optimum strategy validates the physical interpretation under practical scenarios and demonstrates the feasibility of our capture strategy in practice. Finally, the resiliency of the underlying quorum pinging scheme for detecting adversary agents is investigated despite collusion among agents via optimum capture strategy

    Private set intersection: A systematic literature review

    Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems. This work has been partially supported by the projects: BIGPrivDATA (UMA20-FEDERJA-082) from the FEDER Andalucía 2014–2020 Program and SecTwin 5.0 funded by the Ministry of Science and Innovation, Spain, and the European Union (Next Generation EU) (TED2021-129830B-I00). The first author has been funded by the Spanish Ministry of Education under the National F.P.U. Program (FPU19/01118). Funding for open access charge: Universidad de Málaga/CBU