556 research outputs found
Confidentiality-Preserving Publish/Subscribe: A Survey
Publish/subscribe (pub/sub) is an attractive communication paradigm for
large-scale distributed applications running across multiple administrative
domains. Pub/sub allows event-based information dissemination based on
constraints on the nature of the data rather than on pre-established
communication channels. It is a natural fit for deployment in untrusted
environments such as public clouds linking applications across multiple sites.
However, pub/sub in untrusted environments leads to major confidentiality
concerns stemming from the content-centric nature of the communications. This
survey classifies and analyzes different approaches to confidentiality
preservation for pub/sub, from applications of trust and access control models
to novel encryption techniques. It provides an overview of the current
challenges posed by confidentiality concerns and points to future research
directions in this promising field.
Ex-HABE with User Accountability for Secure Access Control in Cloud
Data outsourcing is becoming a useful and feasible paradigm with the rapid application of service-oriented technologies. Many researchers have tried combining access control and cryptography to propose a model to protect sensitive information in this outsourcing scenario. However, these combinations in existing approaches have difficulty in key management and key distribution when fine-grained data access is required. Taking the complexity of fine-grained access control policy and the wide-reaching users of cloud into account, this issue would become extremely difficult to iron out. Various system models using attribute-based encryption (ABE) have been proposed; however, most of them suffer from heavy overhead in implementing the access control policies. In this paper, a system is proposed with extended hierarchical attribute-based encryption (HABE) by using ciphertext-policy attribute-based encryption (ABE). It uses the hierarchical structure of users and bilinear mapping for generating the keys for various data handlers. Also, the system focuses on user tracking by allocating a unique ID to the user. The system uses traitor tracing along with separation of duty made available by HABE and reduces the scope of key abuse. It is formally proved that extended HABE with traitor tracing adds on to user accountability if user tracking for resource is maintained for hierarchical systems.
DOI: 10.17762/ijritcc2321-8169.16042
SECURE, POLICY-BASED, MULTI-RECIPIENT DATA SHARING
In distributed systems users often need to share sensitive data with other users
based on the latter's ability to satisfy various policies. In many cases the data owner
may not even know the identities of the data recipients, but deems it crucial that they
are legitimate; i.e., satisfy the policy. Enabling such data sharing over the Internet
faces the challenge of (1) securely associating access policies with data and enforcing
them, and (2) protecting data as it traverses untrusted proxies and intermediate
repositories. Furthermore, it is desirable to achieve properties such as: (1) flexibility
of access policies; (2) privacy of sensitive access policies; (3) minimal reliance on
trusted third parties; and (4) efficiency of access policy enforcement. Often schemes
enabling controlled data sharing need to trade one property for another. In this
dissertation, we propose two complementary policy-based data sharing schemes that
achieve different subsets of the above desired properties.
In the first part of this dissertation, we focus on Ciphertext-Policy Attribute-Based
Encryption (CP-ABE) schemes that specify and enforce access policies
cryptographically and eliminate trusted mediators. We motivate the need for flexible
attribute organization within user keys for efficient support of many practical
applications. We then propose Ciphertext-Policy Attribute-Set Based Encryption
(CP-ASBE) which is the first CP-ABE scheme to (1) efficiently support naturally
occurring compound attributes, (2) support multiple numerical assignments for a
given attribute in a single key and (3) provide efficient key management. While the
CP-ASBE scheme minimizes reliance on trusted mediators, it can support neither
context-based policies nor policy privacy. In the second part of this dissertation,
we propose Policy Based Encryption System (PBES), which employs mediated decryption
and supports both context-based policies and policy privacy. Finally, we integrate the
proposed schemes into practical applications (i.e., CP-ASBE scheme with Attribute-Based
Messaging (ABM) and PBES scheme with a conditional data sharing application in the Power Grid) and demonstrate their usefulness in practice.
Charlie and the CryptoFactory: Towards Secure and Trusted Manufacturing Environments
The modernisation that stems from Industry 4.0 started populating the manufacturing sector with networked devices, complex sensors, and a significant proportion of physical actuation components. However, new capabilities in networked cyber-physical systems demand more complex infrastructure and algorithms and often lead to new security flaws and operational risks that increase the attack surface area exponentially. The interconnected nature of Industry 4.0-driven operations and the pace of digital transformation mean that cyber-attacks can have far more extensive effects than ever before. Based on that, the core ideas of this paper are driven by the observation that cyber security is one of the key enablers of Industry 4.0. Having this in mind, we propose CryptoFactory – a forward-looking design of a layered-based architecture that can be used as a starting point for building secure and privacy-preserving smart factories. CryptoFactory aims to change the security outlook in smart manufacturing by discussing a set of fundamental requirements and functionality that modern factories should support in order to be resistant to both internal and external attacks. To this end, CryptoFactory first focuses on how to build trust relationships between the hardware devices in the factory. Then, we look at how to use several cryptographic approaches to allow IoT devices to securely collect, store and share their data while we also touch upon the emerging topic of secure and privacy-preserving communication and collaboration between manufacturing environments and value chains. Finally, we look into the problem of how to perform privacy-preserving analytics by leveraging Trusted Execution Environments and the promising concept of Functional Encryption.