955 research outputs found
An efficient framework for privacy-preserving computations on encrypted IoT data
There are two fundamental expectations from Cloud-IoT applications using sensitive and personal data: data utility and user privacy. With the complex nature of cloud-IoT ecosystem, there is a growing concern about data utility at the cost of privacy. While the current state-of-the-art encryption schemes protect users’ privacy, they preclude meaningful computations on encrypted data. Thus, the question remains “how to help IoT device users benefit from cloud computing without compromising data confidentiality and user privacy”? Cloud service providers (CSP) can leverage Fully homomorphic encryption (FHE) schemes to deliver privacy-preserving services. However, there are limitations in directly adopting FHE-based solutions for real-world Cloud-IoT applications. Thus, to foster real-world adoption of FHE-based solutions, we propose a framework called Proxy re-ciphering as a service. It leverages existing schemes such as distributed proxy servers, threshold secret sharing, chameleon hash function and FHE to tailor a practical solution that enables long-term privacy-preserving cloud computations for IoT ecosystem. We also encourage CSPs to store minimal yet adequate information from processing the raw IoT device data. Furthermore, we explore a way for IoT devices to refresh their device keys after a key-compromise. To evaluate the framework, we first develop a testbed and measure the latencies with real-world ECG records from TELE ECG Database. We observe that i) although the distributed framework introduces computation and communication latencies, the security gains outweighs the latencies, ii) the throughput of the servers providing re-ciphering service can be greatly increased with pre-processing iii) with a key refresh scheme we can limit the upper bound on the attack window post a key-compromise. Finally, we analyze the security properties against major threats faced by Cloud-IoT ecosystem. We infer that Proxy re-ciphering as a service is a practical, secure, scalable and an easy-to-adopt framework for long-term privacy-preserving cloud computations for encrypted IoT data
Whether using encryption in SCADA systems, the services performance requirements are still met in OT IT environment over an MPLS core network?
A Research Project Abstract
submitted in fulfillment of the requirements
for
Master of Science in Engineering [Electrical]: Telecommunications
at the
University Of The Witwatersrand, Johannesburg
07 June 2016Utilities use Supervisory Control and Data Acquisition systems as their industrial control
system. The architecture of these systems in the past was based on them being isolated from
other networks. Now with recent ever changing requirements of capabilities from these
systems there is a need to converge with information technology systems and with the need to
have these industrial networks communicating on packet switched networks there are cyber
security concerns that come up.
This research project looks at the whether using encryption in an IP/MPLS core network for
SCADA in an OT IT environment has an effect on the performance requirements. This was
done through an experimental simulation with the results recorded. The research project also
looks at the key literature study considerations.
The key research question for the research project of this MSc 50/50 mini-thesis is “whether
using encryption in SCADA systems, the services performance requirements are still met in
OT/ IT environment over an MPLS core network”? The research project seeks to determine if
SCADA performance requirements are met over an encrypted MPLS/IP core network in an
OT/IT environment. The key focus area of the research project is only encryption in the
whole cyber security value chain versus SCADA services performances. This means that the
research project only focused on the encryption portion of the whole cyber security value
chain and the scope did not focus on other aspects of the value chain. This suffices for an
MSc 50/50 mini-thesis research project as a focus on the whole value chain would require a
full MSc thesis.
Thus the primary objective for the research project is to research and demonstrate that
encryption is essential for secure SCADA communication over a MPLS/IP core network. As
aforementioned encryption forms an essential part of the Cyber Security value chain which
has to achieve the following objectives.
Confidentiality: ensuring that the information source is really from that source.
Integrity: ensuring that the information has not been altered in any way.
Availability: ensuring that system is not comprised but that it is available.
These objectives of encryption should be met with SCADA service performance
requirements not violated which is the objective of the research project.M T 201
Framework for privacy-aware content distribution in peer-to- peer networks with copyright protection
The use of peer-to-peer (P2P) networks for multimedia distribution has spread out globally in recent years. This mass popularity is primarily driven by the efficient distribution of content, also giving rise to piracy and copyright infringement as well as privacy concerns. An end user (buyer) of a P2P content distribution system does not want to reveal his/her identity during a transaction with a content owner (merchant), whereas the merchant does not want the buyer to further redistribute the content illegally. Therefore, there is a strong need for content distribution mechanisms over P2P networks that do not pose security and privacy threats to copyright holders and end users, respectively. However, the current systems being developed to provide copyright and privacy protection to merchants and end users employ cryptographic mechanisms, which incur high computational and communication costs, making these systems impractical for the distribution of big files, such as music albums or movies.El uso de soluciones de igual a igual (peer-to-peer, P2P) para la distribución multimedia se ha extendido mundialmente en los últimos años. La amplia popularidad de este paradigma se debe, principalmente, a la distribución eficiente de los contenidos, pero también da lugar a la piratería, a la violación del copyright y a problemas de privacidad. Un usuario final (comprador) de un sistema de distribución de contenidos P2P no quiere revelar su identidad durante una transacción con un propietario de contenidos (comerciante), mientras que el comerciante no quiere que el comprador pueda redistribuir ilegalmente el contenido más adelante. Por lo tanto, existe una fuerte necesidad de mecanismos de distribución de contenidos por medio de redes P2P que no supongan un riesgo de seguridad y privacidad a los titulares de derechos y los usuarios finales, respectivamente. Sin embargo, los sistemas actuales que se desarrollan con el propósito de proteger el copyright y la privacidad de los comerciantes y los usuarios finales emplean mecanismos de cifrado que implican unas cargas computacionales y de comunicaciones muy elevadas que convierten a estos sistemas en poco prácticos para distribuir archivos de gran tamaño, tales como álbumes de música o películas.L'ús de solucions d'igual a igual (peer-to-peer, P2P) per a la distribució multimèdia s'ha estès mundialment els darrers anys. L'àmplia popularitat d'aquest paradigma es deu, principalment, a la distribució eficient dels continguts, però també dóna lloc a la pirateria, a la violació del copyright i a problemes de privadesa. Un usuari final (comprador) d'un sistema de distribució de continguts P2P no vol revelar la seva identitat durant una transacció amb un propietari de continguts (comerciant), mentre que el comerciant no vol que el comprador pugui redistribuir il·legalment el contingut més endavant. Per tant, hi ha una gran necessitat de mecanismes de distribució de continguts per mitjà de xarxes P2P que no comportin un risc de seguretat i privadesa als titulars de drets i els usuaris finals, respectivament. Tanmateix, els sistemes actuals que es desenvolupen amb el propòsit de protegir el copyright i la privadesa dels comerciants i els usuaris finals fan servir mecanismes d'encriptació que impliquen unes càrregues computacionals i de comunicacions molt elevades que fan aquests sistemes poc pràctics per a distribuir arxius de grans dimensions, com ara àlbums de música o pel·lícules
Cryptocurrencies in the Digital Age : A Holistic Examination of Technology and Trends
This thesis explores the complex world of blockchain technology and cryptocurrencies, offering an investigation of their social effects, economic ramifications, and
technical underpinnings. In the introduction, the nature and hypothesis of cryptocurrencies
are explained, along with their inherent advantages and disadvantages,
as well as the current issues that the industry is facing. The main objective of this
thesis is to advance a more logical understanding of the complex interactions among
blockchain technology, cryptographic ideas, and the larger field of digital currency.
A foundational approach is perceived by the mathematical preliminaries part, which
clarifies important cryptographic ideas like symmetric and public-key cryptography,
cryptographic protocols, cryptanalysis, and how they relate to blockchain technology.
In doing so, the thesis establishes the foundation for evaluating the complexities
associated with protecting and authenticating transactions in decentralized
systems. As I move on, the investigation of blockchain technology includes a review
of its design, workings, and uses in various sectors of the economy. The scalability
and performance issues that blockchain is facing are assessed in this section, especially
considering its expanding applications. The concluding segment explores
the wider ramifications of cryptocurrencies on society, summarizing their influence
on society and the dynamic regulatory environment. The dynamic world of cryptocurrencies
and tokens, as well as their technological foundations, economic factors,
adoption trends, legal frameworks, and the crucial problem of energy consumption
from mining operations, are addressed. The thesis’s final remarks provide a succinct
overview of the major discoveries and their possible implications for advancing
blockchain technology and cryptocurrencies in the future. They also synthesize the
insights obtained throughout the thesis
A Survey of Data Security: Practices from Cybersecurity and Challenges of Machine Learning
Machine learning (ML) is increasingly being deployed in critical systems. The
data dependence of ML makes securing data used to train and test ML-enabled
systems of utmost importance. While the field of cybersecurity has
well-established practices for securing information, ML-enabled systems create
new attack vectors. Furthermore, data science and cybersecurity domains adhere
to their own set of skills and terminologies. This survey aims to present
background information for experts in both domains in topics such as
cryptography, access control, zero trust architectures, homomorphic encryption,
differential privacy for machine learning, and federated learning to establish
shared foundations and promote advancements in data security
Security analysis of an e-commerce solution
The escalation in the number of people with access to the Internet has fuelled the growth of e-commerce transactions. In order to stimulate this growth in e-commerce, the adoption of new business models will be required. In this thesis, we propose the idea of bringing the multi-level marketing business model into the e-commerce world. For e-commerce applications to take advantage of the business potential in this business model, some challenging security problems need to be resolved. Our proposed protocol provides a method for fair exchange of valuable items between multiple-parties in accordance with the multi-level marketing business model. It also provides the required security services needed to increase the overall customers' trust in e-commerce, and hence increase the rate of committed online transactions. These security services include content assurance, confidentiality, fair exchange and non-repudiation. The above security services are usually attained through the use of cryptography. For example, digital rights management systems deliver e-goods in an encrypted format. As these e-goods are decrypted before being presented to the end user, cryptographic keys may appear in the memory which leaves it vulnerable to memory disclosure attacks. In the second part of this thesis, we investigate a set of memory disclosure attacks which may compromise the confidentiality of cryptographic keys. We demonstrate that the threat of these attacks is real by exposing the secret private keys of several cryptographic algorithms used by different cryptographic implementations of the Java Cryptographic Extension (JCE
Lightweight Information Security Methods for Indoor Wireless Body Area Networks: from Channel Modeling to Secret Key Extraction
A group of wirelessly communicating sensors that are placed inside, on or around a human body constitute a Wireless Body Area Network (WBAN). Continuous monitoring of vital signs through WBANs have a potential to revolutionize current health care services by reducing the cost, improving accessibility, and facilitating medical diagnosis. However, sensitive nature of personal health data requires WBANs to integrate appropriate security methods and practices. As limited hardware resources make conventional security measures inadequate in a WBAN context, this work is focused on alternative techniques based on Wireless Physical Layer Security (WPLS). More specifically, we introduce a symbiosis of WPLS and Compressed Sensing to achieve security at the time of sampling. We successfully show how the proposed framework can be applied to electrocardiography data saving significant computational and memory resources. In the scenario when a WBAN Access Point can make use of diversity methods in the form of Switch-and-Stay Combining, we demonstrate that output Signal-to-Noise Ratio (SNR) and WPLS key extraction rate are optimized at different switching thresholds. Thus, the highest key rate may result in significant loss of output SNR. In addition, we also show that the past WBAN off-body channel models are insufficient when the user exhibits dynamic behavior. We propose a novel Rician based off-body channel model that can naturally reflect body motion by randomizing Rician factor K and considering small and large scale fading to be related. Another part of our investigation provides implications of user\u27s dynamic behavior on shared secret generation. In particular, we reveal that body shadowing causes negative correlation of the channel exposing legitimate participants to a security threat. This threat is analyzed from a qualitative and quantitative perspective of a practical secret key extraction algorithm
- …