Secure Sharing of PHR Data Using Re-Encryption: SESPHR

We propose a technique called SeSPHR for secure sharing of the PHRs in the cloud. The SeSPHR plan guarantees tolerant driven control on the PHRs and jelly the classification of the PHRs. The patients store the scrambled PHRs on the un-confided in cloud servers and specifically award access to various kinds of clients on various segments of the PHRs. A semi-believed intermediary called Setup and Re-encryption Server (SRS) is acquainted with set up people in general/private key sets and to create the re-encryption keys. In addition, the strategy is secure against insider dangers and furthermore implements a forward and in reverse access control. Moreover, we officially examine and confirm the working of SeSPHR strategy through the High Level Petri Nets (HLPN)

Perspectives on anomaly and event detection in exascale systems

Proceeding of: IEEE 5th International Conference on Big Data Security on Cloud (BigDataSecurity), 27-29 May 2019, Washington, USAThe design and implementation of exascale system is nowadays an important challenge. Such a system is expected to combine HPC with Big Data methods and technologies to allow the execution of scientific workloads which are not tractable at this present time. In this paper we focus on an event and anomaly detection framework which is crucial in giving a global overview of a exascale system (which in turn is necessary for the successful implementation and exploitation of the system). We propose an architecture for such a framework and show how it can be used to handle failures during job execution.This work has received funding from the EC-funded H2020 ASPIDE project (Agreement 801091). This work was supported with hardware resources by the Romanian grant BID (PN-III-P1-PFE-28)

Edge-centric multimodal authentication system using encrypted biometric templates

Data security, complete system control, and missed storage and computing opportunities in personal portable devices are some of the major limitations of the centralized cloud environment. Among these limitations, security is a prime concern due to potential unauthorized access to private data. Biometrics, in particular, is considered sensitive data, and its usage is subject to the privacy protection law. To address this issue, a multimodal authentication system using encrypted biometrics for the edge-centric cloud environment is proposed in this study. Personal portable devices are utilized for encrypting biometrics in the proposed system, which optimizes the use of resources and tackles another limitation of the cloud environment. Biometrics is encrypted using a new method. In the proposed system, the edges transmit the encrypted speech and face for processing in the cloud. The cloud then decrypts the biometrics and performs authentication to confirm the identity of an individual. The model for speech authentication is based on two types of features, namely, Mel-frequency cepstral coefficients and perceptual linear prediction coefficients. The model for face authentication is implemented by determining the eigenfaces. The final decision about the identity of a user is based on majority voting. Experimental results show that the new encryption method can reliably hide the identity of an individual and accurately decrypt the biometrics, which is vital for errorless authentication

Electronic identification for universities: Building cross-border services based on the eIDAS infrastructure

The European Union (EU) Regulation 910/2014 on electronic IDentification, Authentication, and trust Services (eIDAS) for electronic transactions in the internal market went into effect on 29 September 2018, meaning that EU Member States are required to recognize the electronic identities issued in the countries that have notified their eID schemes. Technically speaking, a unified interoperability platform—named eIDAS infrastructure—has been set up to connect the EU countries’ national eID schemes to allow a person to authenticate in their home EU country when getting access to services provided by an eIDAS-enabled Service Provider (SP) in another EU country. The eIDAS infrastructure allows the transfer of authentication requests and responses back and forth between its nodes, transporting basic attributes about a person, e.g., name, surname, date of birth, and a so-called eIDAS identifier. However, to build new eIDAS-enabled services in specific domains, additional attributes are needed. We describe our approach to retrieve and transport new attributes through the eIDAS infrastructure, and we detail their exploitation in a selected set of academic services. First, we describe the definition and the support for the additional attributes in the eIDAS nodes. We then present a solution for their retrieval from our university. Finally, we detail the design, implementation, and installation of two eIDAS-enabled academic services at our university: the eRegistration in the Erasmus student exchange program and the Login facility with national eIDs on the university portal

A policy-based containerized filter for secure information sharing in organizational environments

In organizational environments, sensitive information is unintentionally exposed and sent to the cloud without encryption by insiders that even were previously informed about cloud risks. To mitigate the effects of this information privacy paradox, we propose the design, development and implementation of SecFilter, a security filter that enables organizations to implement security policies for information sharing. SecFilter automatically performs the following tasks: (a) intercepts files before sending them to the cloud; (b) searches for sensitive criteria in the context and content of the intercepted files by using mining techniques; (c) calculates the risk level for each identified criterion; (d) assigns a security level to each file based on the detected risk in its content and context; and (e) encrypts each file by using a multi-level security engine, based on digital envelopes from symmetric encryption, attribute-based encryption and digital signatures to guarantee the security services of confidentiality, integrity and authentication on each file at the same time that access control mechanisms are enforced before sending the secured file versions to cloud storage. A prototype of SecFilter was implemented for a real-world file sharing application that has been deployed on a private cloud. Fine-tuning of SecFilter components is described and a case study has been conducted based on document sharing of a well-known repository (MedLine corpus). The experimental evaluation revealed the feasibility and efficiency of applying a security filter to share information in organizational environmentsThis work has been partially supported by the Spanish “Ministerio de Economia y Competitividad” under the project grant TIN2016-79637-P “Towards Unification of HPC and Big Dataparadigms”

Privacy-Preserving Clustering of Unstructured Big Data for Cloud-Based Enterprise Search Solutions

Cloud-based enterprise search services (e.g., Amazon Kendra) are enchanting to big data owners by providing them with convenient search solutions over their enterprise big datasets. However, individuals and businesses that deal with confidential big data (eg, credential documents) are reluctant to fully embrace such services, due to valid concerns about data privacy. Solutions based on client-side encryption have been explored to mitigate privacy concerns. Nonetheless, such solutions hinder data processing, specifically clustering, which is pivotal in dealing with different forms of big data. For instance, clustering is critical to limit the search space and perform real-time search operations on big datasets. To overcome the hindrance in clustering encrypted big data, we propose privacy-preserving clustering schemes for three forms of unstructured encrypted big datasets, namely static, semi-dynamic, and dynamic datasets. To preserve data privacy, the proposed clustering schemes function based on statistical characteristics of the data and determine (A) the suitable number of clusters and (B) appropriate content for each cluster. Experimental results obtained from evaluating the clustering schemes on three different datasets demonstrate between 30% to 60% improvement on the clusters' coherency compared to other clustering schemes for encrypted data. Employing the clustering schemes in a privacy-preserving enterprise search system decreases its search time by up to 78%, while increases the search accuracy by up to 35%.Comment: arXiv admin note: text overlap with arXiv:1908.0496