847 research outputs found

    Cloud data security and various cryptographic algorithms

    Cloud computing has spread widely among different organizations due to its advantages, such as cost reduction, resource pooling, broad network access, and ease of administration. It increases the abilities of physical resources by optimizing shared use. Clients’ valuable items (data and applications) are moved outside of regulatory supervision in a shared environment where many clients are grouped together. However, this process poses security concerns, such as sensitive information theft and personally identifiable data leakage. Many researchers have contributed to reducing the problem of data security in cloud computing by developing a variety of technologies to secure cloud data, including encryption. In this study, a set of encryption algorithms (advanced encryption standard (AES), data encryption standard (DES), Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and international data encryption algorithm (IDEA)) was compared in terms of security, data encipherment capacity, memory usage, and encipherment time to determine the optimal algorithm for securing cloud information from hackers. Results show that RSA and IDEA are less secure than AES, Blowfish, and DES. The AES algorithm encrypts a huge amount of data, takes the least encipherment time, and is faster than other algorithms, and the Blowfish algorithm requires the least amount of memory space.

    Cyber Security

    This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security

    Developing Assamese Information Retrieval System Considering NLP Techniques: an attempt for a low resourced language

    This paper engulfs the activities involved in developing a Monolingual Information Retrieval (IR) system for an Indo-Aryan language, Assamese. In a multilingual country like India, where 23 official languages exist, the task of digitizing local language contents is growing tremendously. To meet each individual’s need for relevant information, monolingual Information Retrieval in one's own language is essential. The work aims to develop a search engine that retrieves relevant information for the fired query in one's respective language. Various linguists and researchers collaborated on the work, provided valuable information and developed various important resources. Many informative resources, language resources, tools and technologies were researched, analyzed, developed and applied in implementing the overall pipeline. The search engine is built on the open search platforms Solr and Nutch, with NLP applications embedded in it. Computational Linguistics or Natural Language Processing (NLP) enhances the performance of the IR system. Each phase of the system is described in detail in this paper and explained step-wise. This work is a remarkable contribution to Assamese language technology and an important application of NLP.

    Security protocols for mobile ubiquitous e-health systems

    International Mention in the doctoral degree. Wearable and implantable medical devices constitute an already established industry nowadays. According to recent research [113], North America is currently the most important market followed by Europe, Asia-Pacific and the rest of the world. Additionally, the same document remarks the importance of the Asia-Pacific region due to the rising ageing population and the overpopulation in that area. The most common implantable medical devices include pacemakers, defibrillators, cochlear implants, insulin pumps, and neurostimulators among others. In recent years, the proliferation of smartphones and other mobile “smart” devices with substantial computational and communication capabilities has reshaped the way wireless body area networks may be implemented. In their current generation (or in the near future), all of them share a common feature: wireless communication capabilities [127]. Moreover, implantable medical devices have the ability to support and store telemetry data, facilitating the remote monitoring of the patient. Medical devices can be part of a wireless body area network, operating both as sensors and as actuators and making decisions in real time. On the other hand, a new kind of device called wearables, such as smart bracelets or smart watches, has been equipped with several sensors like a Photoplethysmogram (PPG) to record the heart beats, accelerometers to count the steps or the Global Positioning System (GPS) to geoposition users, and was originally conceived as a cheap solution to help people improve their workout. However, these devices have proven to be quite useful in many healthcare environments due to a huge variety of different and low-cost medical sensors. Thus, patients can be monitored for long periods of time without interfering in their daily life and taking their vital signs constantly under control. 
Security and privacy issues have been described as two of the most challenging problems of implantable medical devices and, more generally, wireless body area networks [6, 47, 84, 103]. As an example, it has been demonstrated that somebody equipped with a low cost device can eavesdrop on the data exchanged between a reader and a pacemaker and may even induce a cardiac arrest [71]. Health-related data have been the focus of several attacks almost since the adoption of computers in the healthcare domain. As a recent example, in 2010 personal data from more than 26 million veterans were stolen from the Department of Veterans Affairs’ database in the US by an employee who had access to the database [104]. The Ponemon Institute pointed out that Germany and the US spent in 2013 more than $7.56 and $11 million, respectively, to protect personal health records from attacks. This PhD dissertation explores the security and privacy of data in healthcare environments where confidential information is measured in real time by some sensors placed in, on, or around the human body. Security and privacy in medical conditions have been widely studied by the research community; nonetheless, with the recent boom of wearable devices, new security issues have arisen. The first part of this dissertation is dedicated to the introduction and to exposing both the main motivation and objectives of this PhD Thesis. Additionally, the contributions and the organization of this document are also presented. In the second part a recent proposal has been analysed from the security and privacy points of view. From this study, vulnerabilities concerning full disclosure, impersonation, traceability, de-synchronization, and Denial-of-Service (DoS) attacks have been found. These attacks make the protocol infeasible to be introduced with an adequate security and sufficient privacy protection level. 
Finally, a new protocol named Fingerprint⁺ protocol for Internet of Things (IoT) is presented, which is based on ISO/IEC 9798-2 and ISO/IEC 18000-6C and whose security is formally verified using BAN logic. In the third part of this dissertation, a new system based on International Standard Organization (ISO) standards and National Institute of Standards and Technology (NIST) security recommendations has been proposed. First, we present a mutual entity authentication protocol inspired by ISO/IEC 9798 Part 2. This system could be deployed in a hospital where Radio Frequency IDentification (RFID) technology may be used to prune blood-handling errors, i.e., the identities of the patients and blood bags are confirmed (authentication protocol) and after that the matching between both entities is checked (verification step). Second, a secure messaging protocol inspired by ISO/IEC 11770 Part 2 and similar to that used in electronic passports is presented. Nowadays the new generation of medical implants possesses wireless connectivity. Imagine a doctor equipped with a reader who aims to access the records of vital signals stored in the memory of an implant. In this scenario, the doctor (reader) and the patient (implant) are first mutually authenticated and then a secure exchange of data can be performed. The fourth part of this Thesis provides an architecture based on two cryptographic protocols: the first one is for publishing personal data in a body area network composed of different sensors, whereas the second one is designed for sending commands to those sensors by guaranteeing the confidentiality and fine-grained access control to the private data. Both protocols are based on a recently proposed public cryptography paradigm named ciphertext policy attribute-based encryption scheme which is lightweight enough to be embedded into wearable devices and sensors. 
Contrary to other proposals made in this field, this architecture allows sensors not only to encrypt data but also to decrypt messages generated by other devices. The fifth part presents a new decentralized attribute based encryption scheme named Decentralized Ciphertext-Policy Attribute Based Searchable Encryption that incorporates ciphertext-policy attribute-based encryption with keyword search over encrypted data. This scheme allows users to (a) encrypt their personal data collected by a Wireless Body Area Network (WBAN) according to a policy of attributes; (b) define a set of keywords to enable other users (e.g., hospital staff) to perform encrypted search over their personal (encrypted) data; (c) securely store the encrypted data on a semi-honest server and let the semi-honest server run the (encrypted) keyword search. Note that any user can perform a keyword query on the encrypted data; however, the decryption of the resulting ciphertexts is possible only for users whose attributes satisfy the policy with which the data had been encrypted. We state and prove the security of our scheme against an honest-but-curious server and a passive adversary. Finally, we implement our system on heterogeneous devices and demonstrate its efficiency and scalability. Finally, this document ends with the conclusions achieved during this PhD and a summary of the main published contributions. Implantable medical devices such as pacemakers or insulin pumps were originally conceived to automatically monitor certain biological parameters and, when necessary, to act on anomalous behaviour such as heart attacks or episodes of hypoglycaemia. Recently, devices called wearables have emerged, such as activity-tracking bracelets, smart watches or chest straps. 
These devices have been equipped with a number of sensors capable of monitoring vital signs such as heart rate, movement (accelerometers) or positioning systems (GPS), among many other options, and are moreover an affordable solution accessible to everyone. Although their original purpose was to improve performance in sports activities, these devices have proven very useful in medical environments thanks to their wide variety of sensors. This technology can help medical staff carry out personalised, continuous, real-time monitoring of patients' behaviour without interfering in their daily lives. This doctoral thesis focuses on security and privacy in medical environments, where information is collected in real time through a series of sensors that may be implanted in or worn by the patient. Security and privacy in medical environments have been the focus of many researchers; nevertheless, the recent rise of wearables has created new challenges, because they are devices with strong constraints on computation, memory, size or battery life. The first part of this document introduces the problem of security and privacy in the Internet of Things paradigm, with particular emphasis on medical environments. The motivation and the main objectives and contributions are also part of this introductory first chapter. The second part of this thesis presents a new RFID-based authentication protocol for IoT. 
This chapter first analyses, from the point of view of security and privacy, a recently published protocol and, after showing that it lacks sufficient security measures, proposes a new protocol called Fingerprint⁺ that is compatible with the security standards defined in ISO/IEC 9798-2 and EPC-C1G2 (equivalent to the ISO/IEC 18000-6C standard). A new system based on ISO standards and on NIST recommendations is proposed in the third part of this thesis. This chapter presents two distinct protocols; the first is an authentication protocol based on the ISO/IEC 9798 Part 2 standard. As an example, this protocol can prevent blood compatibility problems: first it is confirmed that the patient is who they claim to be and that the blood bag really contains blood (authentication process). It is then checked that the blood bag will be compatible with the patient (verification process). The second of the proposed protocols is a secure protocol for exchanging information based on the ISO/IEC 11770 Part 2 standard (the same one as electronic passports). Continuing the medical example, imagine that a doctor equipped with a radio-frequency reader wishes to access the data that a device implanted in the patient is collecting. In this scenario both the reader and the implant must authenticate each other in order to exchange information securely. In the fourth chapter, a new architecture based on the Publish/Subscribe model is proposed. This solution consists of two protocols, one for exchanging information in a personal area network and another for reconfiguring the behaviour of the sensors. Both protocols are designed to guarantee both the security and the privacy of all data sent over the network. 
To this end, the system is based on a public-key cryptography scheme called Attribute Based Encryption, which is lightweight and versatile enough to be implemented on devices with tight computation and memory constraints. Next, the fifth chapter proposes a solution fully oriented to medical environments in which the information that sensors obtain from patients is encrypted and stored on public servers. Once on these servers, any user with sufficient privileges can search over the encrypted data, obtain the information and decrypt it. In addition, before the encrypted data are sent to the cloud, the patient can define a series of keywords that will be linked to the data to allow later searches and thus obtain the information related to a specific topic easily and efficiently. The last chapter of this thesis presents the main conclusions obtained as well as a summary of the scientific contributions published during the doctoral period. Official Doctoral Programme in Computer Science and Technology. President: Arturo Ribagorda Garnacho.- Secretary: Jorge Blasco Alís.- Member: Jesús Garicia López de Lacall

    Pervasive Personal Information Spaces

    Each user’s electronic information-interaction uniquely matches their information behaviour, activities and work context. In the ubiquitous computing environment, this information-interaction and the underlying personal information is distributed across multiple personal devices. This thesis investigates the idea of Pervasive Personal Information Spaces for improving ubiquitous personal information-interaction. Pervasive Personal Information Spaces integrate information distributed across multiple personal devices to support anytime-anywhere access to an individual’s information. This information is then visualised through context-based, flexible views that are personalised through user activities, diverse annotations and spontaneous information associations. The Spaces model embodies the characteristics of Pervasive Personal Information Spaces, which emphasise integration of the user’s information space, automation and communication, and flexible views. The model forms the basis for InfoMesh, an example implementation developed for desktops, laptops and PDAs. The design of the system was supported by a tool developed during the research called activity snaps that captures realistic user activity information for aiding the design and evaluation of interactive systems. User evaluation of InfoMesh elicited a positive response from participants for the ideas underlying Pervasive Personal Information Spaces, especially for carrying out work naturally and visualising, interpreting and retrieving information according to personalised contexts, associations and annotations. The user studies supported the research hypothesis, revealing that context-based flexible views may indeed provide better contextual, ubiquitous access and visualisation of information than current-day systems

    Applications in security and evasions in machine learning : a survey

    In recent years, machine learning (ML) has become an important part of providing security and privacy in various applications. ML is used to address serious issues such as real-time attack detection, data leakage vulnerability assessments and many more. ML extensively supports the demanding requirements of the current scenario of security and privacy across a range of areas such as real-time decision-making, big data processing, reduced cycle time for learning, cost-efficiency and error-free processing. Therefore, in this paper, we review the state-of-the-art approaches where ML is applicable more effectively to fulfill current real-world requirements in security. We examine different security applications' perspectives where ML models play an essential role and compare, with different possible dimensions, their accuracy results. The analysis of ML algorithms in security applications provides a blueprint for an interdisciplinary research area. Even with the use of current sophisticated technology and tools, attackers can evade the ML models by committing adversarial attacks. Therefore, requirements arise to assess the vulnerability of the ML models to cope with adversarial attacks at the time of development. Accordingly, as a supplement to this point, we also analyze the different types of adversarial attacks on the ML models. To give proper visualization of security properties, we have represented the threat model and defense strategies against adversarial attack methods. Moreover, we illustrate the adversarial attacks based on the attackers' knowledge about the model and address the point of the model at which possible attacks may be committed. Finally, we also investigate different types of properties of the adversarial attacks.

    Cyber Security and Critical Infrastructures 2nd Volume

    The second volume of the book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles, including an editorial that explains the current challenges, innovative solutions and real-world experiences that include critical infrastructure and 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems