2,755 research outputs found

    Hidden in the Cloud : Advanced Cryptographic Techniques for Untrusted Cloud Environments

    Get PDF
    In the contemporary digital age, the ability to search and perform operations on encrypted data has become increasingly important. This significance is primarily due to the exponential growth of data, often referred to as the "new oil," and the corresponding rise in data privacy concerns. As more and more data is stored in the cloud, the need for robust security measures to protect this data from unauthorized access and misuse has become paramount. One of the key challenges in this context is the ability to perform meaningful operations on the data while it remains encrypted. Traditional encryption techniques, while providing a high level of security, render the data unusable for any practical purpose other than storage. This is where advanced cryptographic protocols like Symmetric Searchable Encryption (SSE), Functional Encryption (FE), Homomorphic Encryption (HE), and Hybrid Homomorphic Encryption (HHE) come into play. These protocols not only ensure the confidentiality of data but also allow computations on encrypted data, thereby offering a higher level of security and privacy. The ability to search and perform operations on encrypted data has several practical implications. For instance, it enables efficient Boolean queries on encrypted databases, which is crucial for many "big data" applications. It also allows for the execution of phrase searches, which are important for many machine learning applications, such as intelligent medical data analytics. Moreover, these capabilities are particularly relevant in the context of sensitive data, such as health records or financial information, where the privacy and security of user data are of utmost importance. Furthermore, these capabilities can help build trust in digital systems. Trust is a critical factor in the adoption and use of digital services. By ensuring the confidentiality, integrity, and availability of data, these protocols can help build user trust in cloud services. This trust, in turn, can drive the wider adoption of digital services, leading to a more inclusive digital society. However, it is important to note that while these capabilities offer significant advantages, they also present certain challenges. For instance, the computational overhead of these protocols can be substantial, making them less suitable for scenarios where efficiency is a critical requirement. Moreover, these protocols often require sophisticated key management mechanisms, which can be challenging to implement in practice. Therefore, there is a need for ongoing research to address these challenges and make these protocols more efficient and practical for real-world applications. The research publications included in this thesis offer a deep dive into the intricacies and advancements in the realm of cryptographic protocols, particularly in the context of the challenges and needs highlighted above. Publication I presents a novel approach to hybrid encryption, combining the strengths of ABE and SSE. This fusion aims to overcome the inherent limitations of both techniques, offering a more secure and efficient solution for key sharing and access control in cloud-based systems. Publication II further expands on SSE, showcasing a dynamic scheme that emphasizes forward and backward privacy, crucial for ensuring data integrity and confidentiality. Publication III and Publication IV delve into the potential of MIFE, demonstrating its applicability in real-world scenarios, such as designing encrypted private databases and additive reputation systems. These publications highlight the transformative potential of MIFE in bridging the gap between theoretical cryptographic concepts and practical applications. Lastly, Publication V underscores the significance of HE and HHE as a foundational element for secure protocols, emphasizing its potential in devices with limited computational capabilities. In essence, these publications not only validate the importance of searching and performing operations on encrypted data but also provide innovative solutions to the challenges mentioned. They collectively underscore the transformative potential of advanced cryptographic protocols in enhancing data security and privacy, paving the way for a more secure digital future

    Digital transformation in food supply chains: an implementation framework

    Get PDF
    Purpose Digital transformation using Industry 4.0 technologies can address various challenges in food supply chains (FSCs). However, the integration of emerging technologies to achieve digital transformation in FSCs is unclear. This study aims to establish how the digital transformation of FSCs can be achieved by adopting key technologies such as the Internet of Things (IoTs), cloud computing (CC) and big data analytics (BDA). Design/methodology/approach A systematic literature review (SLR) resulted in 57 articles from 2008 to 2022. Following descriptive and thematic analysis, a conceptual framework based on the diffusion of innovation (DOI) theory and the context-intervention-mechanism-outcome (CIMO) logic is established, along with avenues for future research. Findings The combination of DOI theory and CIMO logic provides the theoretical foundation for linking the general innovation process to the digital transformation process. A novel conceptual framework for achieving digital transformation in FSCs is developed from the initiation to implementation phases. Objectives and principles for digitally transforming FSCs are identified for the initiation phase. A four-layer technology implementation architecture is developed for the implementation phase, facilitating multiple applications for FSC digital transformation. Originality/value The study contributes to the development of theory on digital transformation in FSCs and offers managerial guidelines for accelerating the growth of the food industry using key Industry 4.0 emerging technologies. The proposed framework brings clarity into the “neglected” intermediate stage of data management between data collection and analysis. The study highlights the need for a balanced integration of IoT, CC and BDA as key Industry 4.0 technologies to achieve digital transformation successfully

    Crowdsourcing Strategizing: A View From the Top

    Get PDF
    Crowdsourcing strategizing is the application of crowdsourcing for organizational strategy development. While crowdsourcing is experiencing popularity in application and discussion, the concept is not new. However, literature on the value of crowdsourcing strategizing is not widespread in academic or business works. This qualitative case study explored crowdsourcing strategizing in Richmond, Virginia metro area nonprofits. The study was conducted to explore the lack of understanding on the value of crowdsourcing strategizing, with a focus on leaderships perspective of value. The results showed that nonprofit leaders found value in the crowdsourced data gathered through crowdsourcing strategizing

    E-Tenon: An efficient privacy-preserving secure open data sharing scheme for EHR system

    Get PDF
    The transition from paper-based information to Electronic-Health-Records (EHRs) has driven various advancements in the modern healthcare industry. In many cases, patients need to share their EHR with healthcare professionals. Given the sensitive and security-critical nature of EHRs, it is essential to consider the security and privacy issues of storing and sharing EHR. However, existing security solutions excessively encrypt the whole database, thus requiring the entire database to be decrypted for each access request, which is time-consuming. On the other hand, the use of EHR for medical research (e.g., development of precision medicine and diagnostics techniques) and optimisation of practices in healthcare organisations require the EHR to be analysed. To achieve that, they should be easily accessible without compromising the patient’s privacy. In this paper, we propose an efficient technique called E-Tenon that not only securely keeps all EHR publicly accessible but also provides the desired security features. To the best of our knowledge, this is the first work in which an Open Database is used for protecting EHR. The proposed E-Tenon empowers patients to securely share their EHR under their own multi-level, fine-grained access policies. Analyses show that our system outperforms existing solutions in terms of computational complexity

    Configuration Management of Distributed Systems over Unreliable and Hostile Networks

    Get PDF
    Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems. This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate trough intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration. Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture. The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn. Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts

    Distributed Ledger Technology (DLT) Applications in Payment, Clearing, and Settlement Systems:A Study of Blockchain-Based Payment Barriers and Potential Solutions, and DLT Application in Central Bank Payment System Functions

    Get PDF
    Payment, clearing, and settlement systems are essential components of the financial markets and exert considerable influence on the overall economy. While there have been considerable technological advancements in payment systems, the conventional systems still depend on centralized architecture, with inherent limitations and risks. The emergence of Distributed ledger technology (DLT) is being regarded as a potential solution to transform payment and settlement processes and address certain challenges posed by the centralized architecture of traditional payment systems (Bank for International Settlements, 2017). While proof-of-concept projects have demonstrated the technical feasibility of DLT, significant barriers still hinder its adoption and implementation. The overarching objective of this thesis is to contribute to the developing area of DLT application in payment, clearing and settlement systems, which is still in its initial stages of applications development and lacks a substantial body of scholarly literature and empirical research. This is achieved by identifying the socio-technical barriers to adoption and diffusion of blockchain-based payment systems and the solutions proposed to address them. Furthermore, the thesis examines and classifies various applications of DLT in central bank payment system functions, offering valuable insights into the motivations, DLT platforms used, and consensus algorithms for applicable use cases. To achieve these objectives, the methodology employed involved a systematic literature review (SLR) of academic literature on blockchain-based payment systems. Furthermore, we utilized a thematic analysis approach to examine data collected from various sources regarding the use of DLT applications in central bank payment system functions, such as central bank white papers, industry reports, and policy documents. The study's findings on blockchain-based payment systems barriers and proposed solutions; challenge the prevailing emphasis on technological and regulatory barriers in the literature and industry discourse regarding the adoption and implementation of blockchain-based payment systems. It highlights the importance of considering the broader socio-technical context and identifying barriers across all five dimensions of the social technical framework, including technological, infrastructural, user practices/market, regulatory, and cultural dimensions. Furthermore, the research identified seven DLT applications in central bank payment system functions. These are grouped into three overarching themes: central banks' operational responsibilities in payment and settlement systems, issuance of central bank digital money, and regulatory oversight/supervisory functions, along with other ancillary functions. Each of these applications has unique motivations or value proposition, which is the underlying reason for utilizing in that particular use case

    Protecting Privacy in Indian Schools: Regulating AI-based Technologies' Design, Development and Deployment

    Get PDF
    Education is one of the priority areas for the Indian government, where Artificial Intelligence (AI) technologies are touted to bring digital transformation. Several Indian states have also started deploying facial recognition-enabled CCTV cameras, emotion recognition technologies, fingerprint scanners, and Radio frequency identification tags in their schools to provide personalised recommendations, ensure student security, and predict the drop-out rate of students but also provide 360-degree information of a student. Further, Integrating Aadhaar (digital identity card that works on biometric data) across AI technologies and learning and management systems (LMS) renders schools a ‘panopticon’. Certain technologies or systems like Aadhaar, CCTV cameras, GPS Systems, RFID tags, and learning management systems are used primarily for continuous data collection, storage, and retention purposes. Though they cannot be termed AI technologies per se, they are fundamental for designing and developing AI systems like facial, fingerprint, and emotion recognition technologies. The large amount of student data collected speedily through the former technologies is used to create an algorithm for the latter-stated AI systems. Once algorithms are processed using machine learning (ML) techniques, they learn correlations between multiple datasets predicting each student’s identity, decisions, grades, learning growth, tendency to drop out, and other behavioural characteristics. Such autonomous and repetitive collection, processing, storage, and retention of student data without effective data protection legislation endangers student privacy. The algorithmic predictions by AI technologies are an avatar of the data fed into the system. An AI technology is as good as the person collecting the data, processing it for a relevant and valuable output, and regularly evaluating the inputs going inside an AI model. An AI model can produce inaccurate predictions if the person overlooks any relevant data. However, the state, school administrations and parents’ belief in AI technologies as a panacea to student security and educational development overlooks the context in which ‘data practices’ are conducted. A right to privacy in an AI age is inextricably connected to data practices where data gets ‘cooked’. Thus, data protection legislation operating without understanding and regulating such data practices will remain ineffective in safeguarding privacy. The thesis undergoes interdisciplinary research that enables a better understanding of the interplay of data practices of AI technologies with social practices of an Indian school, which the present Indian data protection legislation overlooks, endangering students’ privacy from designing and developing to deploying stages of an AI model. The thesis recommends the Indian legislature frame better legislation equipped for the AI/ML age and the Indian judiciary on evaluating the legality and reasonability of designing, developing, and deploying such technologies in schools

    Digitalization and Development

    Get PDF
    This book examines the diffusion of digitalization and Industry 4.0 technologies in Malaysia by focusing on the ecosystem critical for its expansion. The chapters examine the digital proliferation in major sectors of agriculture, manufacturing, e-commerce and services, as well as the intermediary organizations essential for the orderly performance of socioeconomic agents. The book incisively reviews policy instruments critical for the effective and orderly development of the embedding organizations, and the regulatory framework needed to quicken the appropriation of socioeconomic synergies from digitalization and Industry 4.0 technologies. It highlights the importance of collaboration between government, academic and industry partners, as well as makes key recommendations on how to encourage adoption of IR4.0 technologies in the short- and long-term. This book bridges the concepts and applications of digitalization and Industry 4.0 and will be a must-read for policy makers seeking to quicken the adoption of its technologies

    Incorporating citizen science:enhancing hydrological modeling through crowdsourcing

    Get PDF
    Abstract. General public participating in research design, data collection or analysis process is often referred to as citizen science, and when digital means are involved, it’s defined as crowdsourcing. This thesis project is aimed at examining the feasibility and potential of using citizen science/crowdsourcing for hydrological modelling. The research project revolves around developing a user friendly crowdsourcing mobile application for gathering data from the citizens, which will be specific to urban flooding data, river ice data, lake water quality data and vegetation condition data. The registered users are able to register on the application and upload data in the form of reports, which will be in text form and also attach images of the situation. In the end, we utilize the text reports uploaded by users regarding urban flooding to extract useful hydrological insights, that could be used for updating already existing hydrological models as well as create new hydrological models using NLP. The results indicate that it is possible to extract useful insights from the data reports submitted by the citizen scientists, which could be further used for updating hydrological models or maybe set alerts for the hydrologists in case of important hydrological updates
    • 

    corecore