2,211 research outputs found
Handling Confidential Data on the Untrusted Cloud: An Agent-based Approach
Cloud computing allows shared computer and storage facilities to be used by a
multitude of clients. While cloud management is centralized, the information
resides in the cloud and information sharing can be implemented via
off-the-shelf techniques for multiuser databases. Users, however, are very
diffident for not having full control over their sensitive data. Untrusted
database-as-a-server techniques are neither readily extendable to the cloud
environment nor easily understandable by non-technical users. To solve this
problem, we present an approach where agents share reserved data in a secure
manner by the use of simple grant-and-revoke permissions on shared data.Comment: 7 pages, 9 figures, Cloud Computing 201
A Novel System for Confidential Medical Data Storage Using Chaskey Encryption and Blockchain Technology
يعد التخزين الآمن للمعلومات الطبية السرية أمرًا بالغ الأهمية لمنظمات الرعاية الصحية التي تسعى إلى حماية خصوصية المريض والامتثال للمتطلبات التنظيمية. في هذا البحث، نقدم نظامًا جديدًا للتخزين الآمن للبيانات الطبية باستخدام تقنية تشفير Chaskey و blockchain. يستخدم النظام تشفير Chaskey لضمان سرية وسلامة البيانات الطبية، وتكنولوجيا blockchain لتوفير حلول تخزين البيانات الطبية بحيث يكون قابل للتطوير ويتميز باللامركزية. يستخدم النظام أيضًا تقنيات Bflow للتجزئة ومنها التجزئة الرأسية لتعزيز قابلية التوسع وإدارة البيانات المخزنة. بالإضافة إلى ذلك، يستخدم النظام العقود الذكية لفرض سياسات التحكم في الوصول والتدابير الأمنية الأخرى. سنقدم وصف للنظام المقترح بالتفصيل ونقدم تحليلاً لخصائصه الأمنية والأداء. تظهر نتائجنا أن النظام يوفر حلاً آمنًا للغاية وقابل للتطوير لتخزين البيانات الطبية السرية، مع تطبيقات محتملة في مجموعة واسعة من إعدادات الرعاية الصحية.Secure storage of confidential medical information is critical to healthcare organizations seeking to protect patient's privacy and comply with regulatory requirements. This paper presents a new scheme for secure storage of medical data using Chaskey cryptography and blockchain technology. The system uses Chaskey encryption to ensure integrity and confidentiality of medical data, blockchain technology to provide a scalable and decentralized storage solution. The system also uses Bflow segmentation and vertical segmentation technologies to enhance scalability and manage the stored data. In addition, the system uses smart contracts to enforce access control policies and other security measures. The description of the system detailing and provide an analysis of its security and performance characteristics. The resulting images were tested against a number of important metrics such as Peak Signal-to-Noise Ratio (PSNR), Mean Squared Error (MSE), bit error rate (BER), Signal-to-Noise Ratio (SNR), Normalization Correlation (NC) and Structural Similarity Index (SSIM). Our results showing that the system provides a highly secure and scalable solution for storing confidential medical data, with potential applications in a wide range of healthcare settings
Data security issues in cloud scenarios
The amount of data created, stored, and processed has enormously increased in the last years. Today, millions of devices are connected to the Internet and generate a huge amount of (personal) data that need to be stored and processed using scalable, efficient, and reliable computing infrastructures. Cloud computing technology can be used to respond to these needs. Although cloud computing brings many benefits to users and companies, security concerns about the cloud still represent the major impediment for its wide adoption.
We briefly survey the main challenges related to the storage and processing of data in the cloud. In particular, we focus on the problem of protecting data in storage, supporting fine-grained access, selectively sharing data, protecting query privacy, and verifying the integrity of computations
DSTC: DNS-based Strict TLS Configurations
Most TLS clients such as modern web browsers enforce coarse-grained TLS
security configurations. They support legacy versions of the protocol that have
known design weaknesses, and weak ciphersuites that provide fewer security
guarantees (e.g. non Forward-Secrecy), mainly to provide backward
compatibility. This opens doors to downgrade attacks, as is the case of the
POODLE attack [18], which exploits the client's silent fallback to downgrade
the protocol version to exploit the legacy version's flaws. To achieve a better
balance between security and backward compatibility, we propose a DNS-based
mechanism that enables TLS servers to advertise their support for the latest
version of the protocol and strong ciphersuites (that provide Forward-Secrecy
and Authenticated-Encryption simultaneously). This enables clients to consider
prior knowledge about the servers' TLS configurations to enforce a fine-grained
TLS configurations policy. That is, the client enforces strict TLS
configurations for connections going to the advertising servers, while
enforcing default configurations for the rest of the connections. We implement
and evaluate the proposed mechanism and show that it is feasible, and incurs
minimal overhead. Furthermore, we conduct a TLS scan for the top 10,000 most
visited websites globally, and show that most of the websites can benefit from
our mechanism
Survey on Secure Authorized De-duplication in Hybrid
Nowadays, cloud computing provides high amount of storage space and massive parallel computing at effective cost. As cloud computing becomes prevalent, excessive amount of data being stored in the cloud. However, exponential growth of ever-increasing volume of data has raised many new challenges. De-duplication technique is specialized data compression technique which eliminates redundant data as well as improves storage and bandwidth utilization. Convergent encryption technique is proposed to enforce confidentiality during de-duplication, which encrypt data before outsourcing. To better protect data security, we present different privileges of user to address problem of authorized data de-duplication. We also present several new de-duplication constructions supporting authorized duplicate check in hybrid cloud architecture, which incurs minimal overhead compared to normal operation
Tunable Security for Deployable Data Outsourcing
Security mechanisms like encryption negatively affect other software quality characteristics like efficiency. To cope with such trade-offs, it is preferable to build approaches that allow to tune the trade-offs after the implementation and design phase. This book introduces a methodology that can be used to build such tunable approaches. The book shows how the proposed methodology can be applied in the domains of database outsourcing, identity management, and credential management
PaaSword: A Data Privacy and Context-aware Security Framework for Developing Secure Cloud Applications - Technical and Scientific Contributions
Most industries worldwide have entered a period of reaping the benefits and opportunities cloud offers. At the same time, many efforts are made to address engineering challenges for the secure development of cloud systems and software.With the majority of software engineering projects today relying on the cloud, the task to structure end-to-end secure-by-design cloud systems becomes challenging but at the same time mandatory. The PaaSword project has been commissioned to address security and data privacy in a holistic way by proposing a context-aware security-by-design framework to support software developers in constructing secure applications for the cloud. This chapter presents an overview of the PaaSword project results, including the scientific achievements as well as the description of the technical solution. The benefits offered by the framework are validated through two pilot implementations and conclusions are drawn based on the future research challenges which are discussed in a research agenda
Cloud technology options towards Free Flow of Data
This whitepaper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of the state-of-the-art of technology options towards solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe. The document gives reference to the Cluster, the individual projects and the technologies produced by them
Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010
It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U
iPrivacy: a Distributed Approach to Privacy on the Cloud
The increasing adoption of Cloud storage poses a number of privacy issues.
Users wish to preserve full control over their sensitive data and cannot accept
that it to be accessible by the remote storage provider. Previous research was
made on techniques to protect data stored on untrusted servers; however we
argue that the cloud architecture presents a number of open issues. To handle
them, we present an approach where confidential data is stored in a highly
distributed database, partly located on the cloud and partly on the clients.
Data is shared in a secure manner using a simple grant-and-revoke permission of
shared data and we have developed a system test implementation, using an
in-memory RDBMS with row-level data encryption for fine-grained data access
controlComment: 13 pages, International Journal on Advances in Security 2011 vol.4 no
3 & 4. arXiv admin note: substantial text overlap with arXiv:1012.0759,
arXiv:1109.355
- …