866 research outputs found
Design and Implementation of Secure Location Service Using Software Engineering Approach in the Age of Industry 4.0
Data privacy and security are major concerns in any location-based system. In majority of location-based systems, data security is ensured via data replacement policies. Data replacement or hiding policy requires additional measures for providing required security standards for Industry 4.0. Whereas, cryptography primitives and protocols are integral part of any network and can be re-used for ensuring user’s locations in Industry 4.0 based applications. In this work, an application has been designed and developed that used RSA encryption/decryption algorithm for ensuring location data’s confidentiality. The proposed system is distributed in nature and gives access to location’s information after users get authenticated and authorized. In the proposed system, a threshold-based subset mechanism is adopted for keys and their storage. Server is designed to securely store the location information for clients and provide this information to those set of clients or users who are able to verify sum of subset of keys. This work has elaborated the location-based data confidentiality designs in a distributed client/server environment and presented the in-depth system working with different flow diagrams. The command line and graphical User Interface (GUI)-based implementation shows that the proposed system is capable of working with standard system requirements (i5 processor, 4 GB RAM and 64-bits operating system). In addition to location information, system is able to provide much important information (including IP address, timestamp, time to access, hop count) that enhances the overall system capabilities
Cloud data security and various cryptographic algorithms
Cloud computing has spread widely among different organizations due to its advantages, such as cost reduction, resource pooling, broad network access, and ease of administration. It increases the abilities of physical resources by optimizing shared use. Clients’ valuable items (data and applications) are moved outside of regulatory supervision in a shared environment where many clients are grouped together. However, this process poses security concerns, such as sensitive information theft and personally identifiable data leakage. Many researchers have contributed to reducing the problem of data security in cloud computing by developing a variety of technologies to secure cloud data, including encryption. In this study, a set of encryption algorithms (advance encryption standard (AES), data encryption standard (DES), Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and international data encryption algorithm (IDEA) was compared in terms of security, data encipherment capacity, memory usage, and encipherment time to determine the optimal algorithm for securing cloud information from hackers. Results show that RSA and IDEA are less secure than AES, Blowfish, and DES). The AES algorithm encrypts a huge amount of data, takes the least encipherment time, and is faster than other algorithms, and the Blowfish algorithm requires the least amount of memory space
On the feasibility of attribute-based encryption on Internet of Things devices
Attribute-based encryption (ABE) could be an effective cryptographic tool for the secure management of Internet of Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry pi 1 model B, and Raspberry pi zero, and concludes that adopting ABE in the IoT is indeed feasible
Medical Health Record Protection Using Ciphertext-Policy Attribute-Based Encryption and Elliptic Curve Digital Signature Algorithm
Information on medical record is very sensitive data due to the number of confidential information about a patient's condition. Therefore, a secure and reliable storage mechanism is needed so that the data remains original without any changes during it was stored in the data center. The user must go through an authentication process to ensure that not an attacker and verify to ensure the authenticity and accuracy of the data received. In this research, we proposed a solution to secure medical data using the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Elliptic Curve Digital Signature Algorithm (ECDSA) methods. Our system can secure data centers from illegal access because the uploaded data has patient control over access rights based on attributes that have been embedded during the data encryption process. Encrypted data was added to the digital signature to pass the authentication process before being sent to the data center. The results of our experiments serve efficient system security and secure with low overhead. We compare the proposed system performance with the same CP-ABE method but don’t add user revocation to this system and for our computing times are shorter than the previous time for 0.06 seconds and 0.1 seconds to verify the signature. The total time in the system that we propose requires 0.6 seconds
Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records
We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device
is the most ubiquitous device that people now hold. Due to their portability, availability, easy
of use, communication, access and sharing of information within various domains and areas of
our daily lives, the acceptance and adoption of these devices is still growing. However, due to
their potential and raising numbers, mobile devices are a growing target for attackers and, like
other technologies, mobile applications are still vulnerable.
Health information systems are composed with tools and software to collect, manage, analyze
and process medical information (such as electronic health records and personal health records).
Therefore, such systems can empower the performance and maintenance of health services,
promoting availability, readability, accessibility and data sharing of vital information about a
patients overall medical history, between geographic fragmented health services. Quick access
to information presents a great importance in the health sector, as it accelerates work processes,
resulting in better time utilization. Additionally, it may increase the quality of care.
However health information systems store and manage highly sensitive data, which raises serious
concerns regarding patients privacy and safety, and may explain the still increasing number
of malicious incidents reports within the health domain.
Data related to health information systems are highly sensitive and subject to severe legal
and regulatory restrictions, that aim to protect the individual rights and privacy of patients.
Along side with these legislations, security requirements must be analyzed and measures implemented.
Within the necessary security requirements to access health data, secure authentication,
identity management and access control are essential to provide adequate means to
protect data from unauthorized accesses. However, besides the use of simple authentication
models, traditional access control models are commonly based on predefined access policies
and roles, and are inflexible. This results in uniform access control decisions through people,
different type of devices, environments and situational conditions, and across enterprises, location
and time.
Although already existent models allow to ensure the needs of the health care systems, they still
lack components for dynamicity and privacy protection, which leads to not have desire levels
of security and to the patient not to have a full and easy control of his privacy. Within this
master thesis, after a deep research and review of the stat of art, was published a novel dynamic
access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE),
which can model the inherent differences and security requirements that are present in this
thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing
a risk assessment at the moment of the request. The assessment of the risk factors identified
in this work is based in a Delphi Study. A set of security experts from various domains were
selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates.
SoTRAACE was integrated in an architecture with requirements well-founded, and based
in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in
deep review of the state-of-art. The architecture is further targeted with the essential security
analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric
architecture, with two mobile prototypes for several types of accesses by patients and healthcare
professionals, as well the web servers that handles the access requests, authentication and
identity management.
The proof of concept shows that the model works as expected, with transparency, assuring privacy
and data control to the user without impact for user experience and interaction. It is clear
that the model can be extended to other industry domains, and new levels of risks or attributes
can be added because it is modular. The architecture also works as expected, assuring secure
authentication with multifactor, and secure data share/access based in SoTRAACE decisions.
The communication channel that SoTRAACE uses was also protected with a digital certificate.
At last, the architecture was tested within different Android versions, tested with static and
dynamic analysis and with tests with security tools.
Future work includes the integration of health data standards and evaluating the proposed system
by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma móvel de acesso em qualquer lugar/hora, sendo que
os dispositivos móveis são a tecnologia mais presente no dia a dia da sociedade. Devido à sua
portabilidade, disponibilidade, fácil manuseamento, poder de comunicação, acesso e partilha
de informação referentes a várias áreas e domÃnios das nossas vidas, a aceitação e integração
destes dispositivos é cada vez maior. No entanto, devido ao seu potencial e aumento do número
de utilizadores, os dispositivos móveis são cada vez mais alvos de ataques, e tal como outras
tecnologias, aplicações móveis continuam a ser vulneráveis.
Sistemas de informação de saúde são compostos por ferramentas e softwares que permitem
recolher, administrar, analisar e processar informação médica (tais como documentos de saúde
eletrónicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos
serviços de saúde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados
vitais referentes ao registro médico geral dos pacientes, entre serviços e instituições que estão
geograficamente fragmentadas. O rápido acesso a informações médicas apresenta uma grande
importância para o setor da saúde, dado que acelera os processos de trabalho, resultando assim
numa melhor eficiência na utilização do tempo e recursos. Consequentemente haverá uma
melhor qualidade de tratamento. Porém os sistemas de informação de saúde armazenam e
manuseiam dados bastantes sensÃveis, o que levanta sérias preocupações referentes à privacidade
e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do
domÃnio da saúde.
Os dados de saúde são altamente sensÃveis e são sujeitos a severas leis e restrições regulamentares,
que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando
os seus dados de saúde. Juntamente com estas legislações, requerimentos de segurança
devem ser analisados e medidas implementadas. Dentro dos requerimentos necessários
para aceder aos dados de saúde, uma autenticação segura, gestão de identidade e controlos de
acesso são essenciais para fornecer meios adequados para a proteção de dados contra acessos
não autorizados. No entanto, além do uso de modelos simples de autenticação, os modelos
tradicionais de controlo de acesso são normalmente baseados em polÃticas de acesso e cargos
pré-definidos, e são inflexÃveis. Isto resulta em decisões de controlo de acesso uniformes para
diferentes pessoas, tipos de dispositivo, ambientes e condições situacionais, empresas, localizações
e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar
algumas necessidades dos sistemas de saúde, ainda há escassez de componentes para accesso
dinâmico e proteção de privacidade , o que resultam em nÃveis de segurança não satisfatórios e
em o paciente não ter controlo directo e total sobre a sua privacidade e documentos de saúde.
Dentro desta tese de mestrado, depois da investigação e revisão intensiva do estado da arte,
foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as
diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto,
o SoTRAACE agrega atributos de vários ambientes e domÃnios que ajudam a executar uma avaliação
de riscos, no momento em que os dados são requisitados. A avaliação dos fatores de risco
identificados neste trabalho são baseados num estudo de Delphi. Um conjunto de peritos de
segurança de vários domÃnios industriais foram selecionados, para classificar o impacto de cada
atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a
dados médicos, com requerimentos bem fundados, baseados nas melhores normas e recomendações (OWASP, NIST 800-53, NIST 800-57), e em revisões intensivas do estado da arte. Esta
arquitectura é posteriormente alvo de uma análise de segurança e modelos de ataque.
Como prova deste conceito, o modelo de controlo de acesso proposto é implementado juntamente
com uma arquitetura focada no utilizador, com dois protótipos para aplicações móveis,
que providênciam vários tipos de acesso de pacientes e profissionais de saúde. A arquitetura é
constituÃda também por servidores web que tratam da gestão de dados, controlo de acesso e
autenticação e gestão de identidade. O resultado final mostra que o modelo funciona como esperado,
com transparência, assegurando a privacidade e o controlo de dados para o utilizador,
sem ter impacto na sua interação e experiência. Consequentemente este modelo pode-se extender
para outros setores industriais, e novos nÃveis de risco ou atributos podem ser adicionados
a este mesmo, por ser modular. A arquitetura também funciona como esperado, assegurando
uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisões
do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi também protegido com
um certificado digital.
A arquitectura foi testada em diferentes versões de Android, e foi alvo de análise estática,
dinâmica e testes com ferramentas de segurança.
Para trabalho futuro está planeado a integração de normas de dados de saúde e a avaliação do
sistema proposto, através da recolha de opiniões de utilizadores no mundo real
Secure Authentication for Remote Patient Monitoring with Wireless Medical Sensor Networks.
There is broad consensus that remote health monitoring will benefit all stakeholders in the healthcare system and that it has the potential to save billions of dollars. Among the major concerns that are preventing the patients from widely adopting this technology are data privacy and security. Wireless Medical Sensor Networks (MSNs) are the building blocks for remote health monitoring systems. This paper helps to identify the most challenging security issues in the existing authentication protocols for remote patient monitoring and presents a lightweight public-key-based authentication protocol for MSNs. In MSNs, the nodes are classified into sensors that report measurements about the human body and actuators that receive commands from the medical staff and perform actions. Authenticating these commands is a critical security issue, as any alteration may lead to serious consequences. The proposed protocol is based on the Rabin authentication algorithm, which is modified in this paper to improve its signature signing process, making it suitable for delay-sensitive MSN applications. To prove the efficiency of the Rabin algorithm, we implemented the algorithm with different hardware settings using Tmote Sky motes and also programmed the algorithm on an FPGA to evaluate its design and performance. Furthermore, the proposed protocol is implemented and tested using the MIRACL (Multiprecision Integer and Rational Arithmetic C/C++) library. The results show that secure, direct, instant and authenticated commands can be delivered from the medical staff to the MSN nodes
Performance assessment of security mechanisms for cooperative mobile health applications
Mobile health (m-Health) applications aim to deliver healthcare services through mobile applications regardless of time and place. An mHealth application makes use of wireless communications to sustain its health services and often providing a patient-doctor interaction. Therefore, m-Health applications present several challenging issues and constraints, such as, mobile devices battery and storage capacity, broadcast constraints, interferences, disconnections, noises, limited bandwidths, network delays, and of most importance, privacy and security concerns. In a typical m-Health system, information transmitted through wireless channels may contain sensitive information such as patient’s clinic history, patient’s personal diseases information (e.g. infectious disease as HIV - human immunodeficiency virus). Carrying such type of information presents many issues related to its privacy and protection. In this work, a cryptographic solution for m-Health applications under a cooperative environment is proposed in order to approach two common drawbacks in mobile health systems: the data privacy and protection. Two different approaches were proposed: i) DE4MHA that aims to guarantee the best confidentiality, integrity, and authenticity of mhealth systems users data and ii) eC4MHA that also focuses on assuring and guarantying the m-Health application data confidentiality, integrity, and authenticity, although with a different paradigm. While DE4MHA considers a peer-to-peer node message forward, with encryption/decryption tasks on each node, eC4MHA focuses on simply encrypting data at the requester node and decrypting it when it reaches the Web service. It relays information through cooperative mobile nodes, giving them the only strictly required information, in order to be able to forward a request, until it reaches the Web service responsible to manage the request, and possibly answer to that same request. In this sense, the referred solutions aim any mobile health application with cooperation mechanism embedded. For test purposes a specific mobile health application, namely SapoFit, was used. Cryptographic mechanisms were created and integrated in SapoFit application with built in cooperation mechanisms. A performance evaluation of both approaches in a real scenario with different mobile devices is performed and presented in this work. A comparison with the performance evaluations of both solutions is also presented.Fundação para a Ciência e a Tecnologia (FCT)European Community Fund FEDER through COMPETE – Programa Operacional Factores de Competitividad
- …