TKSE: Trustworthy keyword search over encrypted data with two-side verifiability via blockchain

AXA Research Fund Singapor

The Applications of Blockchain To Cybersecurity

A blockchain is a decentralized public ledger facilitating secure transactions between untrusted network nodes. It has garnered significant recognition for its pivotal role in cryptocurrency systems, where it ensures secure and decentralized transaction records. Over the past decade, blockchain has attracted considerable attention from various industries, as it holds the potential to revolutionize multiple sectors, including cybersecurity. However, this field of study is relatively new, and numerous questions remain unanswered regarding the effectiveness of blockchain in cybersecurity. This research adopted a qualitative research design to investigate the current implementations of blockchain-based security and their applicability in the current cybersecurity context. Additionally, this work explored the mechanisms employed by blockchain to uphold the security triad. Findings indicate that blockchain exhibits substantial potential in addressing existing challenges in cybersecurity, particularly those related to the Internet of Things, data integrity and ownership, and network security. Nonetheless, widespread adoption faces limitations due to technological immaturity, high-cost complexity, and regulatory hurdles. Therefore, utilizing blockchain-based solutions in cybersecurity necessitates a thorough analysis of their applicability to an organization\u27s specific needs, a clear definition of implementation goals, and careful navigation of challenges

Oblivious Message Retrieval

Anonymous message delivery systems, such as private messaging services and privacy-preserving payment systems, need a mechanism for recipients to retrieve the messages addressed to them, without leaking metadata or letting their messages be linked. Recipients could download all posted messages and scan for those addressed to them, but communication and computation costs are excessive at scale. We show how untrusted servers can detect messages on behalf of recipients, and summarize these into a compact encrypted digest that recipients can easily decrypt. These servers operate obliviously and do not learn anything about which messages are addressed to which recipients. Privacy, soundness, and completeness hold even if everyone but the recipient is adversarial and colluding (unlike in prior schemes). Our starting point is an asymptotically-efficient approach, using Fully Homomorphic Encryption and homomorphically-encoded Sparse Random Linear Codes. We then address the concrete performance using bespoke tailoring of lattice-based cryptographic components, alongside various algebraic and algorithmic optimizations. This reduces the digest size to a few bits per message scanned. Concretely, the servers\u27 cost is ~$1 per million messages scanned, and the resulting digests can be decoded by recipients in ~20ms. Our schemes can thus practically attain the strongest form of receiver privacy for current applications such as privacy-preserving cryptocurrencies

Προοπτικές εφαρμογής της τεχνολογίας Blockchain στο φάσμα της υγειονομικής περίθαλψης

Παρά τις όποιες διαφωνίες για το εάν η τεχνολογία blockchain είναι ριζοσπαστική η αποδιαρθρωτική καινοτομία, αυτό που όλοι συμφωνούν είναι ότι επιφέρει θεμελιώδεις αλλαγές σε διάφορους κλάδους, συμπεριλαμβανομένου και του τομέα της υγειονομικής περίθαλψης. Η αποκεντρωμένη της λειτουργία και η κατάργηση της απαίτησης ύπαρξης έμπιστης τρίτης οντότητας σε συνδυασμό με την διαφάνεια, το αμετάβλητο των δεδομένων, την ανθεκτικότητα, την αυτονομία και την ανωνυμία που προσφέρει στους συναλλασσόμενους, αποτελούν ιδιότητες που ο κλάδος της υγειονομικής περίθαλψης μπορεί να επωφεληθεί δίνοντας λύσεις σε χρόνια προβλήματα και παθογένειες. Η παρούσα διατριβή διερευνά τις δυνατότητες με τις οποίες μια νέα τεχνολογία όπως η blockchain μπορεί να επηρεάσει την ψηφιακή υγειονομική περίθαλψη της Ελλάδας. Ειδικότερα, ερευνάται πώς η τεχνολογία blockchain θα μπορούσε να χρησιμοποιηθεί στη μετάβαση προς μια νέα κατανόηση της θεσμικής εμπιστοσύνης και πως μπορεί να συμβάλλει στο τομέα της Υγειονομικής Περίθαλψης. Η απάντηση στα ερευνητικά ερωτήματα για το εάν αυτό το σύνθετο οικοσύστημα της υγειονομικής περίθαλψης θα μπορούσε να επωφεληθεί από μια ισχυρή ψηφιακή πλατφόρμα για την ανταλλαγή δεδομένων σε πραγματικό χρόνο και για το εάν μπορεί να εξασφαλίσει την απαιτούμενη ασφάλεια στη διαχείριση των εμπιστευτικών δεδομένων με ταυτόχρονη διασφάλιση οικονομιών κλίμακος, δίνεται με την ανάλυση σε βάθος της δομής, της λειτουργίας, των τύπων, των μηχανισμών συναίνεσης, τον εντοπισμό των ωφελειών και των προκλήσεων από την ενσωμάτωση της blockchain και την αποτύπωση μιας σειράς από ενδεικτικές εφαρμογές στον κλάδο.Despite the controversy over whether blockchain technology is radical or disruptive innovation, what everyone agrees on is that it brings about fundamental change in a variety of industries, including healthcare. Its decentralized operation and the abolition of the requirement of a trusted third party in combination with the transparency, invariability of data, resilience, autonomy and anonymity it offers to traders, are qualities that the healthcare industry can benefit from by providing solid solutions in chronic problems and pathogens. This dissertation explores the possibilities with which a new technology such as blockchain can affect digital healthcare in Greece. In particular, it explores how blockchain technology could be used in the transition to a new understanding of institutional trust and how it can contribute to healthcare. The answer to research questions about whether this complex healthcare ecosystem could benefit from a robust digital platform for real-time data exchange and whether it can provide the required security in confidential data management while reassuring economies of scale, is given by in-depth analysis of the structure, operation, types, consensus mechanisms, identifying the benefits and challenges of blockchain integration and recording a range of indicative applications in the industr

Effective Strategies Small Business Leaders Use to Address Ransomware

Small business leaders face a wide range of cybersecurity threats. Ransomware is a specific cybersecurity threat that cybercriminals can use to deny small business leaders’ access to data in exchange for a ransom payment. Grounded in routine activity conceptual framework, the purpose of this qualitative multiple case study was to explore effective strategies small business leaders use to address ransomware. Data were collected from 5 leaders of small businesses in the southeast region of the United States. Data sources included interviews and archival documents. Data were analyzed using Yin’s 5 step process. The analysis revealed 3 primary themes: ransomware strategy, support structure, and cybersecurity awareness. Managers and leaders of small businesses could potentially benefit from this research by applying strategies that emerged from the identified themes to prevent victimization from ransomware. The implications for positive social change include the potential to support the local economy and to prevent and mitigate the spread of ransomware to protect confidential and sensitive consumer information

Counter Unmanned Aircraft Systems Technologies and Operations

As the quarter-century mark in the 21st Century nears, new aviation-related equipment has come to the forefront, both to help us and to haunt us. (Coutu, 2020) This is particularly the case with unmanned aerial vehicles (UAVs). These vehicles have grown in popularity and accessible to everyone. Of different shapes and sizes, they are widely available for purchase at relatively low prices. They have moved from the backyard recreation status to important tools for the military, intelligence agencies, and corporate organizations. New practical applications such as military equipment and weaponry are announced on a regular basis – globally. (Coutu, 2020) Every country seems to be announcing steps forward in this bludgeoning field. In our successful 2nd edition of Unmanned Aircraft Systems in the Cyber Domain: Protecting USA’s Advanced Air Assets (Nichols, et al., 2019), the authors addressed three factors influencing UAS phenomena. First, unmanned aircraft technology has seen an economic explosion in production, sales, testing, specialized designs, and friendly / hostile usages of deployed UAS / UAVs / Drones. There is a huge global growing market and entrepreneurs know it. Second, hostile use of UAS is on the forefront of DoD defense and offensive planners. They are especially concerned with SWARM behavior. Movies like “Angel has Fallen,” where drones in a SWARM use facial recognition technology to kill USSS agents protecting POTUS, have built the lore of UAS and brought the problem forefront to DHS. Third, UAS technology was exploding. UAS and Counter- UAS developments in navigation, weapons, surveillance, data transfer, fuel cells, stealth, weight distribution, tactics, GPS / GNSS elements, SCADA protections, privacy invasions, terrorist uses, specialized software, and security protocols has exploded. (Nichols, et al., 2019) Our team has followed / tracked joint ventures between military and corporate entities and specialized labs to build UAS countermeasures. As authors, we felt compelled to address at least the edge of some of the new C-UAS developments. It was clear that we would be lucky if we could cover a few of – the more interesting and priority technology updates – all in the UNCLASSIFIED and OPEN sphere. Counter Unmanned Aircraft Systems: Technologies and Operations is the companion textbook to our 2nd edition. The civilian market is interesting and entrepreneurial, but the military and intelligence markets are of concern because the US does NOT lead the pack in C-UAS technologies. China does. China continues to execute its UAS proliferation along the New Silk Road Sea / Land routes (NSRL). It has maintained a 7% growth in military spending each year to support its buildup. (Nichols, et al., 2019) [Chapter 21]. They continue to innovate and have recently improved a solution for UAS flight endurance issues with the development of advanced hydrogen fuel cell. (Nichols, et al., 2019) Reed and Trubetskoy presented a terrifying map of countries in the Middle East with armed drones and their manufacturing origin. Guess who? China. (A.B. Tabriski & Justin, 2018, December) Our C-UAS textbook has as its primary mission to educate and train resources who will enter the UAS / C-UAS field and trust it will act as a call to arms for military and DHS planners.https://newprairiepress.org/ebooks/1031/thumbnail.jp

Embedded document security using sticky policies and identity based encryption

Data sharing domains have expanded over several, both trusted and insecure environments. At the same time, the data security boundaries have shrunk from internal network perimeters down to a single identity and a piece of information. Since new EU GDPR regulations, the personally identifiable information sharing requires data governance in favour of a data subject. Existing enterprise grade IRM solutions fail to follow open standards and lack of data sharing frameworks that could efficiently integrate with existing identity management and authentication infrastructures. IRM services that stood against cloud demands often offer a very limited access control functionality allowing an individual to store a document online giving a read or read-write permission to other individual identified by email address. Unfortunately, such limited information sharing controls are often introduced as the only safeguards in large enterprises, healthcare institutions and other organizations that should provide the highest possible personal data protection standards. The IRM suffers from a systems architecture vulnerability where IRM application installed on a semi-trusted client truly only guarantees none or full access enforcement. Since no single authority is contacted to verify each committed change the adversary having an advantage of possessing data-encrypting and key-encrypting keys could change and re-encrypt the amended content despite that read only access has been granted. Finally, the two evaluated IRM products, have either the algorithm security lifecycle (ASL) relatively short to protect the shared data, or the solution construct highly restrained secure key-encrypting key distribution and exposes a symmetric data-encrypting key over the network. Presented here sticky policy with identity-based encryption (SPIBE) solution was designed for secure cloud data sharing. SPIBE challenges are to deliver simple standardized construct that would easily integrate with popular OOXML-like document formats and provide simple access rights enforcement over protected content. It leverages a sticky policy construct using XACML access policy language to express access conditions across different cloud data sharing boundaries. XACML is a cloud-ready standard designed for a global multi-jurisdictional use. Unlike other raw ABAC implementations, the XACML offers a standardised schema and authorisation protocols hence it simplifies interoperability. The IBE is a cryptographic scheme protecting the shared document using an identified policy as an asymmetric key-encrypting a symmetric data-encrypting key. Unlike ciphertext-policy attribute-based access control (CP-ABE), the SPIBE policy contains not only access preferences but global document identifier and unique version identifier what makes each policy uniquely identifiable in relation to the protected document. In IBE scheme the public key-encrypting key is known and could be shared between the parties although the data-encrypting key is never sent over the network. Finally, the SPIBE as a framework should have a potential to protect data in case of new threats where ASL of a used cryptographic primitive is too short, when algorithm should be replaced with a new updated cryptographic primitive. The IBE like a cryptographic protocol could be implemented with different cryptographic primitives. The identity-based encryption over isogenous pairing groups (IBE-IPG) is a post-quantum ready construct that leverages the initial IBE Boneh-Franklin (IBE-BF) approach. Existing IBE implementations could be updated to IBE-IPG without major system amendments. Finally, by applying the one document versioning blockchain-like construct could verify changes authenticity and approve only legitimate document updates, where other IRM solutions fail to operate delivering the one single authority for non-repudiation and authenticity assurance

The Pythia PRF Service

Conventional cryptographic services such as hardware-security modules and software-based key-management systems offer the ability to apply a pseudorandom function (PRF) such as HMAC to inputs of a client’s choosing. These services are used, for example, to harden stored password hashes against offline brute-force attacks. We propose a modern PRF service called PYTHIA designed to offer a level of flexibility, security, and ease- of-deployability lacking in prior approaches. The keystone of PYTHIA is a new cryptographic primitive called a verifiable partially-oblivious PRF that reveals a portion of an input message to the service but hides the rest. We give a construction that additionally supports efficient bulk rotation of previously obtained PRF values to new keys. Performance measurements show that our construction, which relies on bilinear pairings and zero-knowledge proofs, is highly practical. We also give accompanying formal definitions and proofs of security. We implement PYTHIA as a multi-tenant, scalable PRF service that can scale up to hundreds of millions of distinct client applications on commodity systems. In our prototype implementation, query latencies are 15 ms in local-area settings and throughput is within a factor of two of a standard HTTPS server. We further report on implementations of two applications using PYTHIA, showing how to bring its security benefits to a new enterprise password storage system and a new brainwallet system for Bitcoin