Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service

Database as a service provides services for accessing and managing customers data which provides ease of access, and the cost is less for these services. There is a possibility that the DBaaS service provider may not be trusted, and data may be stored on untrusted server. The access control mechanism can restrict users from unauthorized access, but in cloud environment access control policies are more flexible. However, an attacker can gather sensitive information for a malicious purpose by abusing the privileges as another user and so database security is compromised. The other problems associated with the DBaaS are to manage role hierarchy and secure session management for query transaction in the database. In this paper, a role-based access control for the multitenant database with role hierarchy is proposed. The query is granted with least access privileges, and a session key is used for session management. The proposed work protects data from privilege escalation and SQL injection. It uses the partial homomorphic encryption (Paillier Encryption) for the encrypting the sensitive data. If a query is to perform any operation on sensitive data, then extra permissions are required for accessing sensitive data. Data confidentiality and integrity are achieved using the role-based access control with partial homomorphic encryption.Comment: 11 Pages,4 figures, Proceedings of International Conference on ICT for Sustainable Developmen

REISCH: incorporating lightweight and reliable algorithms into healthcare applications of WSNs

Healthcare institutions require advanced technology to collect patients' data accurately and continuously. The tradition technologies still suffer from two problems: performance and security efficiency. The existing research has serious drawbacks when using public-key mechanisms such as digital signature algorithms. In this paper, we propose Reliable and Efficient Integrity Scheme for Data Collection in HWSN (REISCH) to alleviate these problems by using secure and lightweight signature algorithms. The results of the performance analysis indicate that our scheme provides high efficiency in data integration between sensors and server (saves more than 24% of alive sensors compared to traditional algorithms). Additionally, we use Automated Validation of Internet Security Protocols and Applications (AVISPA) to validate the security procedures in our scheme. Security analysis results confirm that REISCH is safe against some well-known attacks

A secured framework for SDN-based edge computing in IoT-enabled healthcare system

The Internet of Things (IoT) consists of resource-constrained smart devices capable to sense and process data. It connects a huge number of smart sensing devices, i.e., things, and heterogeneous networks. The IoT is incorporated into different applications, such as smart health, smart home, smart grid, etc. The concept of smart healthcare has emerged in different countries, where pilot projects of healthcare facilities are analyzed. In IoT-enabled healthcare systems, the security of IoT devices and associated data is very important, whereas Edge computing is a promising architecture that solves their computational and processing problems. Edge computing is economical and has the potential to provide low latency data services by improving the communication and computation speed of IoT devices in a healthcare system. In Edge-based IoT-enabled healthcare systems, load balancing, network optimization, and efficient resource utilization are accurately performed using artificial intelligence (AI), i.e., intelligent software-defined network (SDN) controller. SDN-based Edge computing is helpful in the efficient utilization of limited resources of IoT devices. However, these low powered devices and associated data (private sensitive data of patients) are prone to various security threats. Therefore, in this paper, we design a secure framework for SDN-based Edge computing in IoT-enabled healthcare system. In the proposed framework, the IoT devices are authenticated by the Edge servers using a lightweight authentication scheme. After authentication, these devices collect data from the patients and send them to the Edge servers for storage, processing, and analyses. The Edge servers are connected with an SDN controller, which performs load balancing, network optimization, and efficient resource utilization in the healthcare system. The proposed framework is evaluated using computer-based simulations. The results demonstrate that the proposed framework provides better solutions for IoT-enabled healthcare systems. © 2013 IEEE. **Please note that there are multiple authors for this article therefore only the name of the first 5 including Federation University Australia affiliate “Venki Balasubramaniam” is provided in this record*