SensoTrust: trustworthy domains in wireless sensor networks

Wireless sensor networks (WSNs) based on wearable devices are being used in a growing variety of applications, many of them with strict privacy requirements: medical, surveillance, e-Health, and so forth. Since private data is being shared (physiological measures, medical records, etc.), implementing security mechanisms in these networks has become a major challenge. The objective of deploying a trustworthy domain is achieving a nonspecific security mechanism that can be used in a plethora of network topologies and with heterogeneous application requirements. Another very important challenge is resilience. In fact, if a stand-alone and self-configuring WSN is required, an autosetup mechanism is necessary in order to maintain an acceptable level of service in the face of security issues or faulty hardware. This paper presents SensoTrust, a novel security model for WSN based on the definition of trustworthy domains, which is adaptable to a wide range of applications and scenarios where services are published as a way to distribute the acquired data. Security domains can be deployed as an add-on service to merge with any service already deployed, obtaining a new secured service

Searchable atribute-based mechanism with efficiient data sharing for secure cloud storage

To date, the growth of electronic personal data leads to a trend that data owners prefer to remotely outsource their data to clouds for the enjoyment of the high-quality retrieval and storage service without worrying the burden of local data management and maintenance. However, secure share and search for the outsourced data is a formidable task, which may easily incur the leakage of sensitive personal information. Efficient data sharing and searching with security is of critical importance. This paper, for the first time, proposes a searchable attribute-based proxy re-encryption system. When compared to existing systems only supporting either searchable attribute-based functionality or attribute-based proxy re-encryption, our new primitive supports both abilities and provides flexible keyword update service. Specifically, the system enables a data owner to efficiently share his data to a specified group of users matching a sharing policy and meanwhile, the data will maintain its searchable property but also the corresponding search keyword(s) can be updated after the data sharing. The new mechanism is applicable to many real-world applications, such as electronic health record systems. It is also proved chosen ciphertext secure in the random oracle model

A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM

Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a number of applications, in particular, as an essential building block for two-party and multi-party computation. We construct a round-optimal (2 rounds) universally composable (UC) protocol for oblivious transfer secure against active adaptive adversaries from any OW-CPA secure public-key encryption scheme with certain properties in the random oracle model (ROM). In terms of computation, our protocol only requires the generation of a public/secret-key pair, two encryption operations and one decryption operation, apart from a few calls to the random oracle. In~terms of communication, our protocol only requires the transfer of one public-key, two ciphertexts, and three binary strings of roughly the same size as the message. Next, we show how to instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE, and CDH assumptions. Our instantiations based on the low noise LPN, McEliece, and QC-MDPC assumptions are the first UC-secure OT protocols based on coding assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3) low communication and computational complexities. Previous results in this setting only achieved static security and used costly cut-and-choose techniques.Our instantiation based on CDH achieves adaptive security at the small cost of communicating only two more group elements as compared to the gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which only achieves static security in the ROM

BlockNet Report: Exploring the Blockchain Skills Concept and Best Practice Use Cases

In order to explore the practical potential and needs of interdisciplinary knowledge and competence requirements of Blockchain technology, the project activity "Development of Interdisciplinary Blockchain Skills Concept" starts with the literature review identifying the state of the art of Blockchain in Supply Chain Management and Logistics, Business and Finance, as well as Computer Science and IT-Security. The project activity further explores the academic and industry landscape of existing initiatives in education which offer Blockchain courses. Moreover, job descriptions and adverts are analyzed in order to specify today's competence requirements from enterprises. To discuss and define the future required competence, expert workshops are organized to validate the findings by academic experts. Based on the research outcome and validation, an interdisciplinary approach for Blockchain competence is developed. A second part focuses on the development of the Blockchain Best Practices activity while conducting qualitative empirical research based on case studies with industry representatives. Therefore, company interviews, based on the theoretical basis of Output 1, explore existing Blockchain use cases in different sectors. Due to the interdisciplinary importance of Blockchain technology, these skills will be defined by different perspectives of Blockchain from across multiple mentioned disciplines. The use cases and companies for the interviews will be selected based on various sampling criteria to gain results valid for a broad scale. The analysis of the various use cases will be conducted and defined in a standardized format to identify the key drivers and competence requirements for Blockchain technology applications and their adoption. On the one hand, this approach ensures comparability, on the other hand, it facilitates the development of a structured and systematic framework.Comment: arXiv admin note: text overlap with arXiv:2102.0322

Fully Invisible Protean Signatures Schemes

Protean Signatures (PS), recently introduced by Krenn et al. (CANS \u2718), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way. The sanitizer can edit signer-chosen parts to arbitrary bitstrings, while the sanitizer can also redact admissible parts, which are also chosen by the signer. Thus, PSs generalize both redactable signature (RSS) and sanitizable signature (SSS) into a single notion. However, the current definition of invisibility does not prohibit that an outsider can decide which parts of a message are redactable - only which parts can be edited are hidden. This negatively impacts on the privacy guarantees provided by the state-of-the-art definition. We extend PSs to be fully invisible. This strengthened notion guarantees that an outsider can neither decide which parts of a message can be edited nor which parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS\u27), along with a consolidated framework for aggregate signatures. Using those building blocks, our resulting construction is significantly more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation

Microgrids: Planning, Protection and Control

This Special Issue will include papers related to the planning, protection, and control of smart grids and microgrids, and their applications in the industry, transportation, water, waste, and urban and residential infrastructures. Authors are encouraged to present their latest research; reviews on topics including methods, approaches, systems, and technology; and interfaces to other domains such as big data, cybersecurity, human–machine, sustainability, and smart cities. The planning side of microgrids might include technology selection, scheduling, interconnected microgrids, and their integration with regional energy infrastructures. The protection side of microgrids might include topics related to protection strategies, risk management, protection technologies, abnormal scenario assessments, equipment and system protection layers, fault diagnosis, validation and verification, and intelligent safety systems. The control side of smart grids and microgrids might include control strategies, intelligent control algorithms and systems, control architectures, technologies, embedded systems, monitoring, and deployment and implementation

Application of Power Electronics Converters in Smart Grids and Renewable Energy Systems

This book focuses on the applications of Power Electronics Converters in smart grids and renewable energy systems. The topics covered include methods to CO2 emission control, schemes for electric vehicle charging, reliable renewable energy forecasting methods, and various power electronics converters. The converters include the quasi neutral point clamped inverter, MPPT algorithms, the bidirectional DC-DC converter, and the push–pull converter with a fuzzy logic controller

Harnessing Human Potential for Security Analytics

Humans are often considered the weakest link in cybersecurity. As a result, their potential has been continuously neglected. However, in recent years there is a contrasting development recognizing that humans can benefit the area of security analytics, especially in the case of security incidents that leave no technical traces. Therefore, the demand becomes apparent to see humans not only as a problem but also as part of the solution. In line with this shift in the perception of humans, the present dissertation pursues the research vision to evolve from a human-as-a-problem to a human-as-a-solution view in cybersecurity. A step in this direction is taken by exploring the research question of how humans can be integrated into security analytics to contribute to the improvement of the overall security posture. In addition to laying foundations in the field of security analytics, this question is approached from two directions. On the one hand, an approach in the context of the human-as-a-security-sensor paradigm is developed which harnesses the potential of security novices to detect security incidents while maintaining high data quality of human-provided information. On the other hand, contributions are made to better leverage the potential of security experts within a SOC. Besides elaborating the current state in research, a tool for determining the target state of a SOC in the form of a maturity model is developed. Based on this, the integration of security experts was improved by the innovative application of digital twins within SOCs. Accordingly, a framework is created that improves manual security analyses by simulating attacks within a digital twin. Furthermore, a cyber range was created, which offers a realistic training environment for security experts based on this digital twin