Big Data Security (Volume 3)

After a short description of the key concepts of big data the book explores on the secrecy and security threats posed especially by cloud based data storage. It delivers conceptual frameworks and models along with case studies of recent technology

A Cloud-based Messaging Service for Cross-Enterprise Data Exchange with Smart Objects

In this paper, we explore common communication needs for the rapidly increasing number of Internet-connected devices, which are appearing in a growing number of domains. We argue that with the rise of these smart objects business cooperation will increase. So-called smart meters then serve as example that a direct and flexible information exchange across enterprise boundaries, markets and even industries is needed. Based on experiences from integration projects and qualitative interviews with experts we deduce key requirements for an abstract communication system. We then map established communication paradigms to these requirements and finally introduce a cloud-based communication system for smart objects we call Virtual Object Warehousing Service. We explore its key characteristics and conclude by providing an outlook how such a general-purpose cloud-based messaging service could satisfy the communication needs of smart objects

SIDVI: a model for secure distributed data integration

The new millennium has brought about an increase in the use of business intelligence and knowledge management systems. The very foundations of these systems are the multitude of source databases that store the data. The ability to derive information from these databases is brought about by means of data integration. With the current emphasis on security in all walks of information and communication technology, a renewed interest must be placed in the systems that provide us with information; data integration systems. This dissertation investigates security issues at specific stages in the data integration cycle, with special reference to problems when performing data integration in a peer-topeer environment, as in distributed data integration. In the database environment we are concerned with the database itself and the media used to connect to and from the database. In distributed data integration, the concept of the database is redefined to the source database, from which we extract data and the storage database in which the integrated data is stored. This postulates three distinct areas in which to apply security, the data source, the network medium and the data store. All of these areas encompass data integration and must be considered holistically when implementing security. Data integration is never only one server or one database; it is various geographically dispersed components working together towards a common goal. It is important then that we consider all aspects involved when attempting to provide security for data integration. This dissertation will focus on the areas of security threats and investigates a model to ensure the integrity and security of data during the entire integration process. In order to ensure effective security in a data integration environment, that security, should be present at all stages, it should provide for end-to-end protection

TD2SecIoT: Temporal, Data-Driven and Dynamic Network Layer Based Security Architecture for Industrial IoT

The Internet of Things (IoT) is an emerging technology, which comprises wireless smart sensors and actuators. Nowadays, IoT is implemented in different areas such as Smart Homes, Smart Cities, Smart Industries, Military, eHealth, and several real-world applications by connecting domain-specific sensors. Designing a security model for these applications is challenging for researchers since attacks (for example, zero-day) are increasing tremendously. Several security methods have been developed to ensure the CIA (Confidentiality, Integrity, and Availability) for Industrial IoT (IIoT). Though these methods have shown promising results, there are still some security issues that are open. Thus, the security and authentication of IoT based applications become quite significant. In this paper, we propose TD2SecIoT (Temporal, Data-Driven and Dynamic Network Layer Based Security Architecture for Industrial IoT), which incorporates Elliptic Curve Cryptography (ECC) and Nth-degree Truncated Polynomial Ring Units (NTRU) methods to ensure confidentiality and integrity. The proposed method has been evaluated against different attacks and performance measures (quantitative and qualitative) using the Cooja network simulator with Contiki-OS. The TD2SecIoT has shown a higher security level with reduced computational cost and time

An innovative blockchain-based secured logistics management architecture:utilizing an RSA asymmetric encryption method

Purpose: The recent development in logistics due to the dawn of Logistics 4.0 has made global logistics providers more dependent on intelligent technologies. In this era, these technologies assist in data collection and transmission of logistical data and pose many security and privacy threats in logistics management systems. The customer’s private information, which is shared among the logistics stakeholders for optimal operation, faces unauthorized access due to a lack of privacy. This, amongst others, is a critical problem that needs to be addressed with blockchain. Blockchain is a disruptive technology that is transforming different sectors, and it has the potential to provide a solution to the issues mentioned above, with its unique features such as immutability, transparency, and anonymity. Method: This study designed a blockchain-based logistics management architecture on a decentralized peer-2-peer network using Ethereum smart contracts. The proposed system deployed the Rivest–Shamir–Adleman (RSA) asymmetric encryption method to protect the logistics system from cyber-attacks and secure customers’ private information from unauthorized access. Findings: Furthermore, the security and privacy of the proposed system are evaluated based on the theorem. The proof shows that the system can provide security to the logistics system and privacy to customers’ private data. The performance evaluation is based on throughput and latency. It shows that the proposed system is better than the baseline system, and the comparatives analysis shows that the proposed system is more secure and efficient than the existing systems. Implication and Limitation: The proposed system offers a better solution to the security/privacy of the logistics management system and provides recommendations to key stakeholders involved in the logistics industry while adopting blockchain technology. Apart from the study’s methodological limitation, it is also limited by a lack of reference materials

An appraisal of secure, wireless grid-enabled data warehousing

In most research, appropriate collections of data play a significant role in aiding decision-making processes. This is more critical if the data is being accessed across organisational barriers. Further, for the data to be mined and analysed efficiently, to aid decision-making processes, it must be harnessed in a suitably-structured fashion. There is, for example, a need to perform diverse data analyses and interpretation of structured (non-personal) HIV/AIDS patient-data from various quarters in South Africa. Although this data does exist, to some extent, it is autonomously owned and stored in disparate data storages, and not readily available to all interested parties. In order to put this data to meaningful use, it is imperative to integrate and store this data in a manner in which it can be better utilized by all those involved in the ontological field. This implies integration of (and hence, interoperability), and appropriate accessibility to, the information systems of the autonomous organizations providing data and data-processing. This is a typical problem-scenario for a Virtual Inter-Organisational Information System (VIOIS), proposed in this study. The VIOIS envisaged is a hypothetical, secure, Wireless Grid-enabled Data Warehouse (WGDW) that enables IOIS interaction, such as the storage and processing of HIV/AIDS patient-data to be utilized for HIV/AIDS-specific research. The proposed WDGW offers a methodical approach for arriving at such a collaborative (HIV/AIDS research) integrated system. The proposed WDGW is virtual community that consists mainly of data-providers, service-providers and information-consumers. The WGDW-basis resulted from systematic literaturesurvey that covered a variety of technologies and standards that support datastorage, data-management, computation and connectivity between virtual community members in Grid computing contexts. A Grid computing paradigm is proposed for data-storage, data management and computation in the WGDW. Informational or analytical processing will be enabled through data warehousing while connectivity will be attained wirelessly (for addressing the paucity of connectivity infrastructure in rural parts of developing countries, like South Africa)