Security, Trust and Privacy in Cyber (STPCyber): Future trends and challenges

© 2020 Today's world experiences massively interconnected devices to share information across variety of platforms between traditional computers (machines), Smart IoT devices used across smart homes, smart interconnected vehicles etc. and of course the social networks apps such as Facebook, Linkdn, twitter etc. We experience the growth has been skyrocketing and the trend will continue exponentially to the future. At one end, we find life becomes easier with such developments and at the other end; we experience more and more cyber threats on our privacy, security and trustworthiness with organizations holding our data. In this special issue, we summarize contributions by authors in advanced topics related to security, trust and privacy based on a range of applications and present a selection of the most recent research efforts in these areas

A privacy-preserving traffic monitoring scheme via vehicular crowdsourcing

The explosive number of vehicles has given rise to a series of traffic problems, such as traffic congestion, road safety, and fuel waste. Collecting vehicles’ speed information is an effective way to monitor the traffic conditions and avoid vehicles’ congestion, however it may threaten vehicles’ location and trajectory privacy. Motivated by the fact that traffic monitoring does not need to know each individual vehicle’s speed and the average speed would be sufficient, we propose a privacy-preserving traffic monitoring (PPTM) scheme to aggregate vehicles’ speeds at different locations. In PPTM, the roadside unit (RSU) collects vehicles’ speed information at multiple road segments, and further cooperates with a service provider to calculate the average speed information for every road segment. To preserve vehicles’ privacy, both homomorphic Paillier cryptosystem and super-increasing sequence are adopted. A comprehensive security analysis indicates that the proposed PPTM can preserve vehicles’ identities, speeds, locations, and trajectories privacy from being disclosed. In addition, extensive simulations are conducted to validate the effectiveness and efficiency of the proposed PPTM scheme.This research was supported by the National Natural Science Foundation of China (Grant Nos. 61402037, 61872041, 61272512)

Survey: Sharding in Blockchains

© 2013 IEEE. The Blockchain technology, featured with its decentralized tamper-resistance based on a Peer-to-Peer network, has been widely applied in financial applications, and even further been extended to industrial applications. However, the weak scalability of traditional Blockchain technology severely affects the wide adoption due to the well-known trillema of decentralization-security-scalability in Blockchains. In regards to this issue, a number of solutions have been proposed, targeting to boost the scalability while preserving the decentralization and security. They range from modifying the on-chain data structure and consensus algorithms to adding the off-chain technologies. Therein, one of the most practical methods to achieve horizontal scalability along with the increasing network size is sharding, by partitioning network into multiple shards so that the overhead of duplicating communication, storage, and computation in each full node can be avoided. This paper presents a survey focusing on sharding in Blockchains in a systematic and comprehensive way. We provide detailed comparison and quantitative evaluation of major sharding mechanisms, along with our insights analyzing the features and restrictions of the existing solutions. We also provide theoretical upper-bound of the throughput for each considered sharding mechanism. The remaining challenges and future research directions are also reviewed

Cyberattacks and security of cloud computing: a complete guideline

Cloud computing is an innovative technique that offers shared resources for stock cache and server management. Cloud computing saves time and monitoring costs for any organization and turns technological solutions for large-scale systems into server-to-service frameworks. However, just like any other technology, cloud computing opens up many forms of security threats and problems. In this work, we focus on discussing different cloud models and cloud services, respectively. Next, we discuss the security trends in the cloud models. Taking these security trends into account, we move to security problems, including data breaches, data confidentiality, data access controllability, authentication, inadequate diligence, phishing, key exposure, auditing, privacy preservability, and cloud-assisted IoT applications. We then propose security attacks and countermeasures specifically for the different cloud models based on the security trends and problems. In the end, we pinpoint some of the futuristic directions and implications relevant to the security of cloud models. The future directions will help researchers in academia and industry work toward cloud computing security

Security and Privacy Preservation in Mobile Crowdsensing

Mobile crowdsensing (MCS) is a compelling paradigm that enables a crowd of individuals to cooperatively collect and share data to measure phenomena or record events of common interest using their mobile devices. Pairing with inherent mobility and intelligence, mobile users can collect, produce and upload large amounts of data to service providers based on crowdsensing tasks released by customers, ranging from general information, such as temperature, air quality and traffic condition, to more specialized data, such as recommended places, health condition and voting intentions. Compared with traditional sensor networks, MCS can support large-scale sensing applications, improve sensing data trustworthiness and reduce the cost on deploying expensive hardware or software to acquire high-quality data. Despite the appealing benefits, however, MCS is also confronted with a variety of security and privacy threats, which would impede its rapid development. Due to their own incentives and vulnerabilities of service providers, data security and user privacy are being put at risk. The corruption of sensing reports may directly affect crowdsensing results, and thereby mislead customers to make irrational decisions. Moreover, the content of crowdsensing tasks may expose the intention of customers, and the sensing reports might inadvertently reveal sensitive information about mobile users. Data encryption and anonymization techniques can provide straightforward solutions for data security and user privacy, but there are several issues, which are of significantly importance to make MCS practical. First of all, to enhance data trustworthiness, service providers need to recruit mobile users based on their personal information, such as preferences, mobility pattern and reputation, resulting in the privacy exposure to service providers. Secondly, it is inevitable to have replicate data in crowdsensing reports, which may possess large communication bandwidth, but traditional data encryption makes replicate data detection and deletion challenging. Thirdly, crowdsensed data analysis is essential to generate crowdsensing reports in MCS, but the correctness of crowdsensing results in the absence of malicious mobile users and service providers become a huge concern for customers. Finally yet importantly, even if user privacy is preserved during task allocation and data collection, it may still be exposed during reward distribution. It further discourage mobile users from task participation. In this thesis, we explore the approaches to resolve these challenges in MCS. Based on the architecture of MCS, we conduct our research with the focus on security and privacy protection without sacrificing data quality and users' enthusiasm. Specifically, the main contributions are, i) to enable privacy preservation and task allocation, we propose SPOON, a strong privacy-preserving mobile crowdsensing scheme supporting accurate task allocation. In SPOON, the service provider recruits mobile users based on their locations, and selects proper sensing reports according to their trust levels without invading user privacy. By utilizing the blind signature, sensing tasks are protected and reports are anonymized. In addition, a privacy-preserving credit management mechanism is introduced to achieve decentralized trust management and secure credit proof for mobile users; ii) to improve communication efficiency while guaranteeing data confidentiality, we propose a fog-assisted secure data deduplication scheme, in which a BLS-oblivious pseudo-random function is developed to enable fog nodes to detect and delete replicate data in sensing reports without exposing the content of reports. Considering the privacy leakages of mobile users who report the same data, the blind signature is utilized to hide users' identities, and chameleon hash function is leveraged to achieve contribution claim and reward retrieval for anonymous greedy mobile users; iii) to achieve data statistics with privacy preservation, we propose a privacy-preserving data statistics scheme to achieve end-to-end security and integrity protection, while enabling the aggregation of the collected data from multiple sources. The correctness verification is supported to prevent the corruption of the aggregate results during data transmission based on the homomorphic authenticator and the proxy re-signature. A privacy-preserving verifiable linear statistics mechanism is developed to realize the linear aggregation of multiple crowdsensed data from a same device and the verification on the correctness of aggregate results; and iv) to encourage mobile users to participating in sensing tasks, we propose a dual-anonymous reward distribution scheme to offer the incentive for mobile users and privacy protection for both customers and mobile users in MCS. Based on the dividable cash, a new reward sharing incentive mechanism is developed to encourage mobile users to participating in sensing tasks, and the randomization technique is leveraged to protect the identities of customers and mobile users during reward claim, distribution and deposit

Cyberattacks and Security of Cloud Computing: A Complete Guideline

Cloud computing is an innovative technique that offers shared resources for stock cache and server management. Cloud computing saves time and monitoring costs for any organization and turns technological solutions for large-scale systems into server-to-service frameworks. However, just like any other technology, cloud computing opens up many forms of security threats and problems. In this work, we focus on discussing different cloud models and cloud services, respectively. Next, we discuss the security trends in the cloud models. Taking these security trends into account, we move to security problems, including data breaches, data confidentiality, data access controllability, authentication, inadequate diligence, phishing, key exposure, auditing, privacy preservability, and cloud-assisted IoT applications. We then propose security attacks and countermeasures specifically for the different cloud models based on the security trends and problems. In the end, we pinpoint some of the futuristic directions and implications relevant to the security of cloud models. The future directions will help researchers in academia and industry work toward cloud computing security

ENABLING IOT AUTHENTICATION, PRIVACY AND SECURITY VIA BLOCKCHAIN

Although low-power and Internet-connected gadgets and sensors are increasingly integrated into our lives, the optimal design of these systems remains an issue. In particular, authentication, privacy, security, and performance are critical success factors. Furthermore, with emerging research areas such as autonomous cars, advanced manufacturing, smart cities, and building, usage of the Internet of Things (IoT) devices is expected to skyrocket. A single compromised node can be turned into a malicious one that brings down whole systems or causes disasters in safety-critical applications. This dissertation addresses the critical problems of (i) device management, (ii) data management, and (iii) service management in IoT systems. In particular, we propose an integrated platform solution for IoT device authentication, data privacy, and service security via blockchain-based smart contracts. We ensure IoT device authentication by blockchain-based IC traceability system, from its fabrication to its end-of-life, allowing both the supplier and a potential customer to verify an IC’s provenance. Results show that our proposed consortium blockchain framework implementation in Hyperledger Fabric for IC traceability achieves a throughput of 35 transactions per second (tps). To corroborate the blockchain information, we authenticate the IC securely and uniquely with an embedded Physically Unclonable Function (PUF). For reliable Weak PUF-based authentication, our proposed accelerated aging technique reduces the cumulative burn-in cost by ∼ 56%. We also propose a blockchain-based solution to integrate the privacy of data generated from the IoT devices by giving users control of their privacy. The smart contract controlled trust-base ensures that the users have private access to their IoT devices and data. We then propose a remote configuration of IC features via smart contracts, where an IC can be programmed repeatedly and securely. This programmability will enable users to upgrade IC features or rent upgraded IC features for a fixed period after users have purchased the IC. We tailor the hardware to meet the blockchain performance. Our on-die hardware module design enforces the hardware configuration’s secure execution and uses only 2,844 slices in the Xilinx Zedboard Zynq Evaluation board. The blockchain framework facilitates decentralized IoT, where interacting devices are empowered to execute digital contracts autonomously

Enhanced fully homomorphic encryption scheme using modified key generation for cloud environment

Fully homomorphic encryption (FHE) is a special class of encryption that allows performing unlimited mathematical operations on encrypted data without decrypting it. There are symmetric and asymmetric FHE schemes. The symmetric schemes suffer from the semantically security property and need more performance improvements. While asymmetric schemes are semantically secure however, they pose two implicit problems. The first problem is related to the size of key and ciphertext and the second problem is the efficiency of the schemes. This study aims to reduce the execution time of the symmetric FHE scheme by enhancing the key generation algorithm using the Pick-Test method. As such, the Binary Learning with Error lattice is used to solve the key and ciphertext size problems of the asymmetric FHE scheme. The combination of enhanced symmetric and asymmetric algorithms is used to construct a multi-party protocol that allows many users to access and manipulate the data in the cloud environment. The Pick-Test method of the Sym-Key algorithm calculates the matrix inverse and determinant in one instance requires only n-1 extra multiplication for the calculation of determinant which takes 0(N3) as a total cost, while the Random method in the standard scheme takes 0(N3) to find matrix inverse and 0(N!) to calculate the determinant which results in 0(N4) as a total cost. Furthermore, the implementation results show that the proposed key generation algorithm based on the pick-test method could be used as an alternative to improve the performance of the standard FHE scheme. The secret key in the Binary-LWE FHE scheme is selected from {0,1}n to obtain a minimal key and ciphertext size, while the public key is based on learning with error problem. As a result, the secret key, public key and tensored ciphertext is enhanced from logq , 0(n2log2q) and ((n+1)n2log2q)2log q to n, (n+1)2log q and (n+1)2log q respectively. The Binary-LWE FHE scheme is a secured but noise-based scheme. Hence, the modulus switching technique is used as a noise management technique to scale down the noise from e and c to e/B and c/B respectively thus, the total cost for noise management is enhanced from 0(n3log2q) to 0(n2log q) . The Multi-party protocol is constructed to support the cloud computing on Sym-Key FHE scheme. The asymmetric Binary-LWE FHE scheme is used as a small part of the protocol to verify the access of users to any resource. Hence, the protocol combines both symmetric and asymmetric FHE schemes which have the advantages of efficiency and security. FHE is a new approach with a bright future in cloud computing