Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud

In the present era ,cloud computing provides us a efficient way to share data amoung cloud users with low maintenance.But in multi-owner group ,there is a serious problem with preserving data and identity privacy due to frequent change of membership Some trends are opening up the period of Cloud Computing, which is an Internet-based improvement and utilize of computer technology. Security must be in given due importance for the cloud data with utmost care to the data and confidence to the data owne In this project ,we are proposing a secure multi-owner sharing scheme,for dynamic groups in the cloud.We are using group signature and encryption techniques. One of the biggest concerns with cloud data storage is that of data integrity verification at untrusted servers. To preserve data privacy, a basic solution is to encrypt data files, and then upload the encrypted data into the cloud. To resolve this problem recently the best efficient method MONA presented for secured multi owner data sharing.In our project ,we have removed the problem that occurred in existing system.In existing system whenever there is a revocation of member form group.manager has to generate a new key and then distribute to other members,this was a very tedious work,so we use a new technique of group signature so that the revoked member is not able to upload or download files. Now there is no need for generating new key each time whenever there is a revocation of members. DOI: 10.17762/ijritcc2321-8169.150515

NEW SECURE SOLUTIONS FOR PRIVACY AND ACCESS CONTROL IN HEALTH INFORMATION EXCHANGE

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing of patients’ health information. The first solution allows secure HIE among different healthcare providers while focusing primarily on the privacy of patients’ information. It allows patients to authorize a certain type of health information to be retrieved, which helps prevent any unintentional leakage of information. The privacy solution also provides healthcare providers with the capability of mutual authentication and patient authentication. It also ensures the integrity and auditability of health information being exchanged. The security and performance study for the first protocol shows that it is efficient for the purpose of HIE and offers a high level of security for such exchanges. The second framework presents a new cloud-based protocol for access control to facilitate HIE across different HCOs, employing a trapdoor hash-based proxy signature in a novel manner to enable secure (authenticated and authorized) on-demand access to patient records. The proposed proxy signature-based scheme provides an explicit mechanism for patients to authorize the sharing of specific medical information with specific HCOs, which helps prevent any undesired or unintentional leakage of health information. The scheme also ensures that such authorizations are authentic with respect to both the HCOs and the patient. Moreover, the use of proxy signatures simplifies security auditing and the ability to obtain support for investigations by providing non-repudiation. Formal definitions, security specifications, and a detailed theoretical analysis, including correctness, security, and performance of both frameworks are provided which demonstrate the improvements upon other existing HIE systems

Some Directions beyond Traditional Quantum Secret Sharing

We investigate two directions beyond the traditional quantum secret sharing (QSS). First, a restriction on QSS that comes from the no-cloning theorem is that any pair of authorized sets in an access structure should overlap. From the viewpoint of application, this places an unnatural constraint on secret sharing. We present a generalization, called assisted QSS (AQSS), where access structures without pairwise overlap of authorized sets is permissible, provided some shares are withheld by the share dealer. We show that no more than $\lambda-1$ withheld shares are required, where $\lambda$ is the minimum number of {\em partially linked classes} among the authorized sets for the QSS. Our result means that such applications of QSS need not be thwarted by the no-cloning theorem. Secondly, we point out a way of combining the features of QSS and quantum key distribution (QKD) for applications where a classical information is shared by quantum means. We observe that in such case, it is often possible to reduce the security proof of QSS to that of QKD.Comment: To appear in Physica Scripta, 7 pages, 1 figure, subsumes arXiv:quant-ph/040720

Virtualized Reconfigurable Resources and Their Secured Provision in an Untrusted Cloud Environment

The cloud computing business grows year after year. To keep up with increasing demand and to offer more services, data center providers are always searching for novel architectures. One of them are FPGAs, reconfigurable hardware with high compute power and energy efficiency. But some clients cannot make use of the remote processing capabilities. Not every involved party is trustworthy and the complex management software has potential security flaws. Hence, clients’ sensitive data or algorithms cannot be sufficiently protected. In this thesis state-of-the-art hardware, cloud and security concepts are analyzed and com- bined. On one side are reconfigurable virtual FPGAs. They are a flexible resource and fulfill the cloud characteristics at the price of security. But on the other side is a strong requirement for said security. To provide it, an immutable controller is embedded enabling a direct, confidential and secure transfer of clients’ configurations. This establishes a trustworthy compute space inside an untrusted cloud environment. Clients can securely transfer their sensitive data and algorithms without involving vulnerable software or a data center provider. This concept is implemented as a prototype. Based on it, necessary changes to current FPGAs are analyzed. To fully enable reconfigurable yet secure hardware in the cloud, a new hybrid architecture is required.Das Geschäft mit dem Cloud Computing wächst Jahr für Jahr. Um mit der steigenden Nachfrage mitzuhalten und neue Angebote zu bieten, sind Betreiber von Rechenzentren immer auf der Suche nach neuen Architekturen. Eine davon sind FPGAs, rekonfigurierbare Hardware mit hoher Rechenleistung und Energieeffizienz. Aber manche Kunden können die ausgelagerten Rechenkapazitäten nicht nutzen. Nicht alle Beteiligten sind vertrauenswürdig und die komplexe Verwaltungssoftware ist anfällig für Sicherheitslücken. Daher können die sensiblen Daten dieser Kunden nicht ausreichend geschützt werden. In dieser Arbeit werden modernste Hardware, Cloud und Sicherheitskonzept analysiert und kombiniert. Auf der einen Seite sind virtuelle FPGAs. Sie sind eine flexible Ressource und haben Cloud Charakteristiken zum Preis der Sicherheit. Aber auf der anderen Seite steht ein hohes Sicherheitsbedürfnis. Um dieses zu bieten ist ein unveränderlicher Controller eingebettet und ermöglicht eine direkte, vertrauliche und sichere Übertragung der Konfigurationen der Kunden. Das etabliert eine vertrauenswürdige Rechenumgebung in einer nicht vertrauenswürdigen Cloud Umgebung. Kunden können sicher ihre sensiblen Daten und Algorithmen übertragen ohne verwundbare Software zu nutzen oder den Betreiber des Rechenzentrums einzubeziehen. Dieses Konzept ist als Prototyp implementiert. Darauf basierend werden nötige Änderungen von modernen FPGAs analysiert. Um in vollem Umfang eine rekonfigurierbare aber dennoch sichere Hardware in der Cloud zu ermöglichen, wird eine neue hybride Architektur benötigt

Detailed Concept of Network Security

Computer world security management is essential resource for all the latest news, analysis, case studies and reviews on authentication, business continuity and disaster recovery, data control, security infrastructure, intellectual property, privacy standards, law, threats cyber crime and hacking and identity fraud and theft. This section covers secrecy, reliable storage and encryption. security, protecting data from unauthorized access, protecting data from damage and ROM either an external or an internal source, and a disgruntled employee could easily do much harm

Privacy-preserving smart nudging system: resistant to traffic analysis and data breach

A solution like Green Transportation Choices with IoT and Smart Nudging (SN) is aiming to resolve urban challenges (e.g., increased traffic, congestion, air pollution, and noise pollution) by influencing people towards environment-friendly decisions in their daily life. The essential aspect of this system is to construct personalized suggestion and positive reinforcement for people to achieve environmentally preferable outcomes. However, the process of tailoring a nudge for a specific person requires a significant amount of personal data (e.g., user's location data, health data, activity and more) analysis. People are willingly giving up their private data for the greater good of society and making SN system a target for adversaries to get people's data and misuse them. Yet, preserving user privacy is subtly discussed and often overlooked in the SN system. Meanwhile, the European union's General data protection regulation (GDPR) tightens European Unions's (EU) already stricter privacy policy. Thus, preserving user privacy is inevitable for a system like SN. Privacy-preserving smart nudging (PPSN) is a new middleware that gives privacy guarantee for both the users and the SN system and additionally offers GDPR compliance. In the PPSN system, users have the full autonomy of their data, and users data is well protected and inaccessible without the participation of the data owner. In addition to that, PPSN system gives protection against adversaries that control all the server but one, observe network traffics and control malicious users. PPSN system's primary insight is to encrypt as much as observable variables if not all and hide the remainder by adding noise. A prototype implementation of the PPSN system achieves a throughput of 105 messages per second with 24 seconds end-to-end latency for 125k users on a quadcore machine and scales linearly with the number of users

Barrel Shifter Physical Unclonable Function Based Encryption

Physical Unclonable Functions (PUFs) are circuits designed to extract physical randomness from the underlying circuit. This randomness depends on the manufacturing process. It differs for each device enabling chip-level authentication and key generation applications. We present a protocol utilizing a PUF for secure data transmission. Parties each have a PUF used for encryption and decryption; this is facilitated by constraining the PUF to be commutative. This framework is evaluated with a primitive permutation network - a barrel shifter. Physical randomness is derived from the delay of different shift paths. Barrel shifter (BS) PUF captures the delay of different shift paths. This delay is entangled with message bits before they are sent across an insecure channel. BS-PUF is implemented using transmission gates; their characteristics ensure same-chip reproducibility, a necessary property of PUFs. Post-layout simulations of a common centroid layout 8-level barrel shifter in 0.13 {\mu}m technology assess uniqueness, stability and randomness properties. BS-PUFs pass all selected NIST statistical randomness tests. Stability similar to Ring Oscillator (RO) PUFs under environment variation is shown. Logistic regression of 100,000 plaintext-ciphertext pairs (PCPs) failed to successfully model BS- PUF behavior

Design and Analysis of Opaque Signatures

Digital signatures were introduced to guarantee the authenticity and integrity of the underlying messages. A digital signature scheme comprises the key generation, the signature, and the verification algorithms. The key generation algorithm creates the signing and the verifying keys, called also the signer’s private and public keys respectively. The signature algorithm, which is run by the signer, produces a signature on the input message. Finally, the verification algorithm, run by anyone who knows the signer’s public key, checks whether a purported signature on some message is valid or not. The last property, namely the universal verification of digital signatures is undesirable in situations where the signed data is commercially or personally sensitive. Therefore, mechanisms which share most properties with digital signatures except for the universal verification were invented to respond to the aforementioned need; we call such mechanisms “opaque signatures”. In this thesis, we study the signatures where the verification cannot be achieved without the cooperation of a specific entity, namely the signer in case of undeniable signatures, or the confirmer in case of confirmer signatures; we make three main contributions. We first study the relationship between two security properties important for public key encryption, namely data privacy and key privacy. Our study is motivated by the fact that opaque signatures involve always an encryption layer that ensures their opacity. The properties required for this encryption vary according to whether we want to protect the identity (i.e. the key) of the signer or hide the validity of the signature. Therefore, it would be convenient to use existing work about the encryption scheme in order to derive one notion from the other. Next, we delve into the generic constructions of confirmer signatures from basic cryptographic primitives, e.g. digital signatures, encryption, or commitment schemes. In fact, generic constructions give easy-to-understand and easy-to-prove schemes, however, this convenience is often achieved at the expense of efficiency. In this contribution, which constitutes the core of this thesis, we first analyze the already existing constructions; our study concludes that the popular generic constructions of confirmer signatures necessitate strong security assumptions on the building blocks, which impacts negatively the efficiency of the resulting signatures. Next, we show that a small change in these constructionsmakes these assumptions drop drastically, allowing as a result constructions with instantiations that compete with the dedicated realizations of these signatures. Finally, we revisit two early undeniable signatures which were proposed with a conjectural security. We disprove the claimed security of the first scheme, and we provide a fix to it in order to achieve strong security properties. Next, we upgrade the second scheme so that it supports a iii desirable feature, and we provide a formal security treatment of the new scheme: we prove that it is secure assuming new reasonable assumptions on the underlying constituents