10,819 research outputs found
A survey of IoT security based on a layered architecture of sensing and data analysis
The Internet of Things (IoT) is leading today’s digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond
Watchword-Oriented and Time-Stamped Algorithms for Tamper-Proof Cloud Provenance Cognition
Provenance is derivative journal information about the origin and activities
of system data and processes. For a highly dynamic system like the cloud,
provenance can be accurately detected and securely used in cloud digital
forensic investigation activities. This paper proposes watchword oriented
provenance cognition algorithm for the cloud environment. Additionally
time-stamp based buffer verifying algorithm is proposed for securing the access
to the detected cloud provenance. Performance analysis of the novel algorithms
proposed here yields a desirable detection rate of 89.33% and miss rate of
8.66%. The securing algorithm successfully rejects 64% of malicious requests,
yielding a cumulative frequency of 21.43 for MR
MPSM: Multi-prospective PaaS Security Model
Cloud computing has brought a revolution in the field of information
technology and improving the efficiency of computational resources. It offers
computing as a service enabling huge cost and resource efficiency. Despite its
advantages, certain security issues still hinder organizations and enterprises
from it being adopted. This study mainly focused on the security of
Platform-as-a-Service (PaaS) as well as the most critical security issues that
were documented regarding PaaS infrastructure. The prime outcome of this study
was a security model proposed to mitigate security vulnerabilities of PaaS.
This security model consists of a number of tools, techniques and guidelines to
mitigate and neutralize security issues of PaaS. The security vulnerabilities
along with mitigation strategies were discussed to offer a deep insight into
PaaS security for both vendor and client that may facilitate future design to
implement secure PaaS platforms
ISA-Based Trusted Network Functions And Server Applications In The Untrusted Cloud
Nowadays, enterprises widely deploy Network Functions (NFs) and server
applications in the cloud. However, processing of sensitive data and trusted
execution cannot be securely deployed in the untrusted cloud. Cloud providers
themselves could accidentally leak private information (e.g., due to
misconfigurations) or rogue users could exploit vulnerabilities of the
providers' systems to compromise execution integrity, posing a threat to the
confidentiality of internal enterprise and customer data. In this paper, we
identify (i) a number of NF and server application use-cases that trusted
execution can be applied to, (ii) the assets and impact of compromising the
private data and execution integrity of each use-case, and (iii) we leverage
Intel's Software Guard Extensions (SGX) architecture to design Trusted
Execution Environments (TEEs) for cloud-based NFs and server applications. We
combine SGX with the Data Plane Development KIT (DPDK) to prototype and
evaluate our TEEs for a number of application scenarios (Layer 2 frame and
Layer 3 packet processing for plain and encrypted traffic, traffic
load-balancing and back-end server processing). Our results indicate that NFs
involving plain traffic can achieve almost native performance (e.g., ~22
Million Packets Per Second for Layer 3 forwarding for 64-byte frames), while
NFs involving encrypted traffic and server processing can still achieve
competitive performance (e.g., ~12 Million Packets Per Second for server
processing for 64-byte frames)
Challenges in Network Management of Encrypted Traffic
This paper summarizes the challenges identified at the MAMI Management and
Measurement Summit (M3S) for network management with the increased deployment
of encrypted traffic based on a set of use cases and deployed techniques (for
network monitoring, performance enhancing proxies, firewalling as well as
network-supported DDoS protection and migration), and provides recommendations
for future use cases and the development of new protocols and mechanisms. In
summary, network architecture and protocol design efforts should 1) provide for
independent measurability when observations may be contested, 2) support
different security associations at different layers, and 3) replace transparent
middleboxes with middlebox transparency in order to increase visibility,
rebalance control and enable cooperation.Comment: White paper by the EU-H2020 MAMI project (grant agreement No 688421
Research on Information Security Enhancement Approaches and the Applications on HCI Systems
With rapid development of computer techniques, the human computer interaction
scenarios are becoming more and more frequent. The development history of the
human-computer interaction is from a person to adapt to the computer to the
computer and continually adapt to the rapid development. Facing the process of
human-computer interaction, information system daily operation to produce huge
amounts of data, how to ensure human-computer interaction interface clear,
generated data safe and reliable, has become a problem to be solved in the
world of information. To deal with the challenging, we propose the information
security enhancement approaches and the core applications on HCI systems.
Through reviewing the other state-of-the-art methods, we propose the data
encryption system to deal with the issues that uses mixed encryption system to
make full use of the symmetric cipher algorithm encryption speed and encryption
intensity is high while the encryption of large amounts of data efficiently.
Our method could enhance the general safety of the HCI system, the experimental
result verities the feasibility and general robustness of our approach
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
With the proliferation of Trusted Execution Environments (TEEs) such as Intel
SGX, a number of cloud providers will soon introduce TEE capabilities within
their offering (e.g., Microsoft Azure). Although the integration of SGX within
the cloud considerably strengthens the threat model for cloud applications, the
current model to deploy and provision enclaves prevents the cloud operator from
adding or removing enclaves dynamically - thus preventing elasticity for
TEE-based applications in the cloud.
In this paper, we propose ReplicaTEE, a solution that enables seamless
provisioning and decommissioning of TEE-based applications in the cloud.
ReplicaTEE leverages an SGX-based provisioning layer that interfaces with a
Byzantine Fault-Tolerant storage service to securely orchestrate enclave
replication in the cloud, without the active intervention of the application
owner. Namely, in ReplicaTEE, the application owner entrusts application secret
to the provisioning layer; the latter handles all enclave commissioning and
de-commissioning operations throughout the application lifetime. We analyze the
security of ReplicaTEE and show that it is secure against attacks by a powerful
adversary that can compromise a large fraction of the cloud infrastructure. We
implement a prototype of ReplicaTEE in a realistic cloud environment and
evaluate its performance. ReplicaTEE moderately increments the TCB by ~800 LoC.
Our evaluation shows that ReplicaTEE does not add significant overhead to
existing SGX-based applications
CryptoNN: Training Neural Networks over Encrypted Data
Emerging neural networks based machine learning techniques such as deep
learning and its variants have shown tremendous potential in many application
domains. However, they raise serious privacy concerns due to the risk of
leakage of highly privacy-sensitive data when data collected from users is used
to train neural network models to support predictive tasks. To tackle such
serious privacy concerns, several privacy-preserving approaches have been
proposed in the literature that use either secure multi-party computation (SMC)
or homomorphic encryption (HE) as the underlying mechanisms. However, neither
of these cryptographic approaches provides an efficient solution towards
constructing a privacy-preserving machine learning model, as well as supporting
both the training and inference phases. To tackle the above issue, we propose a
CryptoNN framework that supports training a neural network model over encrypted
data by using the emerging functional encryption scheme instead of SMC or HE.
We also construct a functional encryption scheme for basic arithmetic
computation to support the requirement of the proposed CryptoNN framework. We
present performance evaluation and security analysis of the underlying crypto
scheme and show through our experiments that CryptoNN achieves accuracy that is
similar to those of the baseline neural network models on the MNIST dataset.Comment: ePrin
A Preliminary Study On Emerging Cloud Computing Security Challenges
Cloud computing is the internet based provisioning of the computing
resources, software, and information on demand. Cloud Computing is referred to
as one of most recent emerging paradigms of computing utilities. Since Cloud
computing is the dominant infrastructure of the shared services over the
internet, it is important to be aware of the security risk and the challenges
associated with this emerging computing paradigm. This survey provides a brief
introduction to the cloud computing, its major characteristics, and service
models. It also explores cloud security threats, lists a few security solutions
, and proposes a promsing research direction to deal with the evolving security
challenges in Cloud computing
Dynamic Session Key Exchange Method using Two S-Boxes
This paper presents modifications of the Diffie-Hellman (DH) key exchange
method. The presented modifications provide better security than other key
exchange methods. We are going to present a dynamic security that
simultaneously realizes all the three functions with a high efficiency and then
give a security analysis. It also presents secure and dynamic key exchange
method. Signature, encryption and key exchange are some of the most important
and foundational Crypto-graphical tools. In most cases, they are all needed to
provide different secure functions. On the other hand, there are also some
proposals on the efficient combination of key exchange. In this paper, we
present a dynamic, reliable and secure method for the exchange of session key.
Moreover, the proposed modification method could achieve better performance
efficiency.Comment: 10 pages, 11 figures, IJCSEA Journa
- …