10,782 research outputs found
Designing A Standard-Based Approach for Security of Healthcare Systems
Healthcare systems in recent years have had the highest cost of breaches. Data security is one of the most obstacles encountered in the healthcare system, which could cancel the integrity, availability, and confidentiality of medical data. These breaches are expected to increase in the future. Therefore, it has become necessary to develop systems that provide full protection for patients. Healthcare systems security can be improved greatly by involving security requirements in the early phases of system implementation. Usually, the security requirements are only handled from a technical viewpoint during the implementation phases. When building security in the implementation phase, this leads to weakness in system security and an increase in violations. So, this research paper is aimed to improve the security of healthcare systems, by focusing on security requirements in the early phase, and making the healthcare systems less vulnerable to hacking or any external threat by restricting access to healthcare systems. This research paper proposes designing a standard-based approach to the security of the healthcare system, which analyzes and combines system and software security requirements required to gain a secure healthcare system architecture. Both types of security requirements are designed in the healthcare architecture based on the COSMIC ISO/IEC 19761 standards. A case study is introduced for the proposed standard-based approach experimented by using the system and software security requirements specifications to protect the pharmacy system in the healthcare system from ransomware
Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements
Video conferencing apps like Zoom have hundreds of millions of daily users, making them a high-value target for surveillance and subversion. While such apps claim to achieve some forms of end-to-end encryption, they usually assume an incorruptible server that is able to identify and authenticate all the parties in a meeting. Concretely this means that, e.g., even when using the âend-to-end encryptedâ setting, malicious Zoom servers could eavesdrop or impersonate in arbitrary groups.
In this work, we show how security against malicious servers can be improved by changing the way in which such protocols use passwords (known as passcodes in Zoom) and integrating
a password-authenticated key exchange (PAKE) protocol.
To formally prove that our approach achieves its goals, we
formalize a class of cryptographic protocols suitable for this setting, and define a basic security notion for them, in which group security can be achieved assuming the server is trusted to correctly authorize the group members. We prove that Zoom indeed meets this notion. We then propose a stronger security notion that can provide security against malicious servers, and propose a transformation that can achieve this notion. We show how we can apply our transformation to Zoom to provably achieve stronger security against malicious servers, notably without introducing new security elements
Enhancing cryptographic protection, authentication, and authorization in cellular networks: a comprehensive research study
This research article provides an extensive analysis of novel methods of cryptographic protection as well as advancements in authentication and authorization techniques within cellular networks. The aim is to explore recent literature and identify effective authentication and authorization methods, including high-speed data encryption. The significance of this study lies in the growing need for enhanced data security in scientific research. Therefore, the focus is on identifying suitable authentication and authorization schemes, including blockchain-based approaches for distributed mobile cloud computing. The research methodology includes observation, comparison, and abstraction, allowing for a comprehensive examination of advanced encryption schemes and algorithms. Topics covered in this article include multi-factor authentication, continuous authentication, identity-based cryptography for vehicle-to-vehicle (V2V) communication, secure blockchain-based authentication for fog computing, internet of things (IoT) device mutual authentication, authentication for wireless sensor networks based on blockchain, new secure authentication schemes for standard wireless telecommunications networks, and the security aspects of 4G and 5G cellular networks. Additionally, in the paper a differentiated authentication mechanism for heterogeneous 6G networks blockchain-based is discussed. The findings presented in this article hold practical value for organizations involved in scientific research and information security, particularly in encryption and protection of sensitive data
Securing NextG networks with physical-layer key generation: A survey
As the development of next-generation (NextG) communication networks continues, tremendous devices are accessing the network and the amount of information is exploding. However, with the increase of sensitive data that requires confidentiality to be transmitted and stored in the network, wireless network security risks are further amplified. Physical-layer key generation (PKG) has received extensive attention in security research due to its solid information-theoretic security proof, ease of implementation, and low cost. Nevertheless, the applications of PKG in the NextG networks are still in the preliminary exploration stage. Therefore, we survey existing research and discuss (1) the performance advantages of PKG compared to cryptography schemes, (2) the principles and processes of PKG, as well as research progresses in previous network environments, and (3) new application scenarios and development potential for PKG in NextG communication networks, particularly analyzing the effect and prospects of PKG in massive multiple-input multiple-output (MIMO), reconfigurable intelligent surfaces (RISs), artificial intelligence (AI) enabled networks, integrated space-air-ground network, and quantum communication. Moreover, we summarize open issues and provide new insights into the development trends of PKG in NextG networks
A novel distributed authentication of blockchain technology integration in IoT services
Internet of Things (IoT) is currently playing a major role in how intelligent devices are interconnected and deployed to automate services in transport and smart living sectors. However, IoT is facing challenges in terms of data protection and authentication due to the heterogeneous nature of IoT devices that do not exhibit a central authority. It is crucial to provide secure and trustworthy solutions for the increasing demands of decentralized IoT environments. To this end, this research proposes a novel integration of blockchain-technologies in IoT services to enhance security, data integrity, users privacy, system scalability and interoperability of devices. This is done by leveraging smart contracts to enforce authentication, access control and data exchange mechanisms for IoT devices. The proposed approach is verified by the construction and deployment of a smart contract over the Polygon blockchain network in a simulated real-world IoT scenario. The obtained results show that the proposed approach ensures fast and secure authentication in IoT networks by decreasing the risk of unauthorized access and data tampering
DeVoS: Deniable Yet Verifiable Vote Updating
peer reviewedInternet voting systems are supposed to meet the same high standards as traditional paper-based systems when used in real political elections: freedom of choice, universal and equal suffrage, secrecy of the ballot, and independent verifiability of the election result. Although numerous Internet voting systems have been proposed to achieve these challenging goals simultaneously, few come close in reality.
We propose a novel publicly verifiable and practically efficient Internet voting system, DeVoS, that advances the state of the art. The main feature of DeVoS is its ability to protect voters' freedom of choice in several dimensions. First, voters in DeVoS can intuitively update their votes in a way that is deniable to observers but verifiable by the voters; in this way voters can secretly overwrite potentially coerced votes. Second, in addition to (basic) vote privacy, DeVoS also guarantees strong participation privacy by end-to-end hiding which voters have submitted ballots and which have not. Finally, DeVoS is fully compatible with Perfectly Private Audit Trail, a state-of-the-art Internet voting protocol with practical everlasting privacy. In combination, DeVoS offers a new way to secure free Internet elections with strong and long-term privacy properties
Developing Decentralized Data Storage Network Using Blockchain Technology to Prevent Data Alteration
In the face of escalating global data exchange, the pronounced vulnerability oftraditional centralized storage networks to manipulation and attacks poses a pressing challenge. Digital service providers, entrusted with vast datasets, grapple with the formidable task of ensuring the security, integrity, and continuous availability of their stored information. This paper tackles these multifaceted issues by proposing a decentralized data storage network empowered by blockchain technology. This approach systematically mitigates the inherent susceptibilities of centralized systems, thereby providing heightened resilience against unauthorized alterations and malicious attacks that compromise digital information integrity. Moreover, the decentralized model holds significant promise for securing public data. By leveraging the transparency and immutability of blockchain ledgers, this approach not only safeguards against unauthorized access but also actively fosters transparency and accountability in data management. This makes it particularly well-suited for ensuring the security and integrity of public data, addressing concerns related to trust and reliability in the ever-evolving landscape of information exchange
Authentication enhancement in command and control networks: (a study in Vehicular Ad-Hoc Networks)
Intelligent transportation systems contribute to improved traffic safety by facilitating real time communication between vehicles. By using wireless channels for communication, vehicular networks are susceptible to a wide range of attacks, such as impersonation, modification, and replay. In this context, securing data exchange between intercommunicating terminals, e.g., vehicle-to-everything (V2X) communication, constitutes a technological challenge that needs to be addressed. Hence, message authentication is crucial to safeguard vehicular ad-hoc networks (VANETs) from malicious attacks. The current state-of-the-art for authentication in VANETs relies on conventional cryptographic primitives, introducing significant computation and communication overheads. In this challenging scenario, physical (PHY)-layer authentication has gained popularity, which involves leveraging the inherent characteristics of wireless channels and the hardware imperfections to discriminate between wireless devices. However, PHY-layerbased authentication cannot be an alternative to crypto-based methods as the initial legitimacy detection must be conducted using cryptographic methods to extract the communicating terminal secret features. Nevertheless, it can be a promising complementary solution for the reauthentication problem in VANETs, introducing what is known as âcross-layer authentication.â This thesis focuses on designing efficient cross-layer authentication schemes for VANETs, reducing the communication and computation overheads associated with transmitting and verifying a crypto-based signature for each transmission. The following provides an overview of the proposed methodologies employed in various contributions presented in this thesis.
1. The first cross-layer authentication scheme: A four-step process represents this approach: initial crypto-based authentication, shared key extraction, re-authentication via a PHY challenge-response algorithm, and adaptive adjustments based on channel conditions. Simulation results validate its efficacy, especially in low signal-to-noise ratio (SNR) scenarios while proving its resilience against active and passive attacks.
2. The second cross-layer authentication scheme: Leveraging the spatially and temporally correlated wireless channel features, this scheme extracts high entropy shared keys that can be used to create dynamic PHY-layer signatures for authentication. A 3-Dimensional (3D) scattering Doppler emulator is designed to investigate the schemeâs performance at different speeds of a moving vehicle and SNRs. Theoretical and hardware implementation analyses prove the schemeâs capability to support high detection probability for an acceptable false alarm value †0.1 at SNR â„ 0 dB and speed †45 m/s.
3. The third proposal: Reconfigurable intelligent surfaces (RIS) integration for improved authentication: Focusing on enhancing PHY-layer re-authentication, this proposal explores integrating RIS technology to improve SNR directed at designated vehicles. Theoretical analysis and practical implementation of the proposed scheme are conducted using a 1-bit RIS, consisting of 64 Ă 64 reflective units. Experimental results show a significant improvement in the Pd, increasing from 0.82 to 0.96 at SNR = â 6 dB for multicarrier communications.
4. The fourth proposal: RIS-enhanced vehicular communication security: Tailored for challenging SNR in non-line-of-sight (NLoS) scenarios, this proposal optimises key extraction and defends against denial-of-service (DoS) attacks through selective signal strengthening. Hardware implementation studies prove its effectiveness, showcasing improved key extraction performance and resilience against potential threats.
5. The fifth cross-layer authentication scheme: Integrating PKI-based initial legitimacy detection and blockchain-based reconciliation techniques, this scheme ensures secure data exchange. Rigorous security analyses and performance evaluations using network simulators and computation metrics showcase its effectiveness, ensuring its resistance against common attacks and time efficiency in message verification.
6. The final proposal: Group key distribution: Employing smart contract-based blockchain technology alongside PKI-based authentication, this proposal distributes group session keys securely. Its lightweight symmetric key cryptography-based method maintains privacy in VANETs, validated via Ethereumâs main network (MainNet) and comprehensive computation and communication evaluations.
The analysis shows that the proposed methods yield a noteworthy reduction, approximately ranging from 70% to 99%, in both computation and communication overheads, as compared to the conventional approaches. This reduction pertains to the verification and transmission of 1000 messages in total
A Holistic Analysis of Internet of Things (IoT) Security : Principles, Practices, and New Perspectives
Peer reviewedPublisher PD
A Trust Management Framework for Vehicular Ad Hoc Networks
The inception of Vehicular Ad Hoc Networks (VANETs) provides an opportunity for road users and public infrastructure to share information that improves the operation of roads and the driver experience. However, such systems can be vulnerable to malicious external entities and legitimate users. Trust management is used to address attacks from legitimate users in accordance with a userâs trust score. Trust models evaluate messages to assign rewards or punishments. This can be used to influence a driverâs future behaviour or, in extremis, block the driver. With receiver-side schemes, various methods are used to evaluate trust including, reputation computation, neighbour recommendations, and storing historical information. However, they incur overhead and add a delay when deciding whether to accept or reject messages. In this thesis, we propose a novel Tamper-Proof Device (TPD) based trust framework for managing trust of multiple drivers at the sender side vehicle that updates trust, stores, and protects information from malicious tampering. The TPD also regulates, rewards, and punishes each specific driver, as required. Furthermore, the trust score determines the classes of message that a driver can access. Dissemination of feedback is only required when there is an attack (conflicting information). A Road-Side Unit (RSU) rules on a dispute, using either the sum of products of trust and feedback or official vehicle data if available. These âuntrue attacksâ are resolved by an RSU using collaboration, and then providing a fixed amount of reward and punishment, as appropriate. Repeated attacks are addressed by incremental punishments and potentially driver access-blocking when conditions are met. The lack of sophistication in this fixed RSU assessment scheme is then addressed by a novel fuzzy logic-based RSU approach. This determines a fairer level of reward and punishment based on the severity of incident, driver past behaviour, and RSU confidence. The fuzzy RSU controller assesses judgements in such a way as to encourage drivers to improve their behaviour. Although any driver can lie in any situation, we believe that trustworthy drivers are more likely to remain so, and vice versa. We capture this behaviour in a Markov chain model for the sender and reporter driver behaviours where a driverâs truthfulness is influenced by their trust score and trust state. For each trust state, the driverâs likelihood of lying or honesty is set by a probability distribution which is different for each state. This framework is analysed in Veins using various classes of vehicles under different traffic conditions. Results confirm that the framework operates effectively in the presence of untrue and inconsistent attacks. The correct functioning is confirmed with the system appropriately classifying incidents when clarifier vehicles send truthful feedback. The framework is also evaluated against a centralized reputation scheme and the results demonstrate that it outperforms the reputation approach in terms of reduced communication overhead and shorter response time. Next, we perform a set of experiments to evaluate the performance of the fuzzy assessment in Veins. The fuzzy and fixed RSU assessment schemes are compared, and the results show that the fuzzy scheme provides better overall driver behaviour. The Markov chain driver behaviour model is also examined when changing the initial trust score of all drivers
- âŠ