26 research outputs found
Fine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing
Abstract Attribute-based encryption (ABE) can be used for implementing fine-grained data sharing in cloud computing. However, most of the existing ABE schemes cannot realize attribute extension and provable security simultaneously. In this paper, we propose a fine-grained attribute-based data sharing system based on a hybrid encryption mechanism. A rigorous security proof indicates that the proposed scheme is selective-secure under the decisional bilinear Diffie-Hellman assumption. In particular, the proposed data sharing scheme can efficiently support attribute extension and allow AND-gate access policies with multiple attribute values and wildcards. Extensive simulation results indicate that the proposed scheme is extremely suitable for data sharing in cloud computing
Statistical Review of Health Monitoring Models for Real-Time Hospital Scenarios
Health Monitoring System Models (HMSMs) need speed, efficiency, and security to work. Cascading components ensure data collection, storage, communication, retrieval, and privacy in these models. Researchers propose many methods to design such models, varying in scalability, multidomain efficiency, flexibility, usage and deployment, computational complexity, cost of deployment, security level, feature usability, and other performance metrics. Thus, HMSM designers struggle to find the best models for their application-specific deployments. They must test and validate different models, which increases design time and cost, affecting deployment feasibility. This article discusses secure HMSMs' application-specific advantages, feature-specific limitations, context-specific nuances, and deployment-specific future research scopes to reduce model selection ambiguity. The models based on the Internet of Things (IoT), Machine Learning Models (MLMs), Blockchain Models, Hashing Methods, Encryption Methods, Distributed Computing Configurations, and Bioinspired Models have better Quality of Service (QoS) and security than their counterparts. Researchers can find application-specific models. This article compares the above models in deployment cost, attack mitigation performance, scalability, computational complexity, and monitoring applicability. This comparative analysis helps readers choose HMSMs for context-specific application deployments. This article also devises performance measuring metrics called Health Monitoring Model Metrics (HM3) to compare the performance of various models based on accuracy, precision, delay, scalability, computational complexity, energy consumption, and security
Cryptographic Schemes based on Elliptic Curve Pairings
This thesis introduces the concept of certificateless public key
cryptography (CLPKC). Elliptic curve pairings are then used to
make concrete CL-PKC schemes and are also used to make other
efficient key agreement protocols.
CL-PKC can be viewed as a model for the use of public key cryptography
that is intermediate between traditional certificated PKC and ID-PKC.
This is because, in contrast to traditional public key cryptographic
systems, CL-PKC does not require the use of certificates to guarantee
the authenticity of public keys. It does rely on the use of a trusted
authority (TA) who is in possession of a master key. In this
respect, CL-PKC is similar to identity-based public key
cryptography (ID-PKC). On the other hand, CL-PKC does not suffer
from the key escrow property that is inherent in ID-PKC.
Applications for the new infrastructure are discussed.
We exemplify how CL-PKC schemes can be constructed by constructing
several certificateless public key encryption schemes and
modifying other existing ID based schemes. The lack of
certificates and the desire to prove the schemes secure in the
presence of an adversary who has access to the master key or has
the ability to replace public keys, requires the careful
development of new security models. We prove that some of our
schemes are secure, provided that the Bilinear Diffie-Hellman
Problem is hard.
We then examine Joux’s protocol, which is a one round, tripartite
key agreement protocol that is more bandwidth-efficient than any
previous three-party key agreement protocol, however, Joux’s protocol
is insecure, suffering from a simple man-in-the-middle attack. We
show how to make Joux’s protocol secure, presenting several tripartite,
authenticated key agreement protocols that still require only one round
of communication. The security properties of the new protocols are
studied. Applications for the protocols are also discussed
An Approach to Guide Users Towards Less Revealing Internet Browsers
When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed
On the Application of Identity-Based Cryptography in Grid Security
This thesis examines the application of identity-based cryptography
(IBC) in designing security infrastructures for grid applications.
In this thesis, we propose a fully identity-based key infrastructure
for grid (IKIG). Our proposal exploits some interesting properties
of hierarchical identity-based cryptography (HIBC) to replicate
security services provided by the grid security infrastructure (GSI)
in the Globus Toolkit. The GSI is based on public key infrastructure
(PKI) that supports standard X.509 certificates and proxy
certificates. Since our proposal is certificate-free and has small
key sizes, it offers a more lightweight approach to key management
than the GSI. We also develop a one-pass delegation protocol that
makes use of HIBC properties. This combination of lightweight key
management and efficient delegation protocol has better scalability
than the existing PKI-based approach to grid security.
Despite the advantages that IKIG offers, key escrow remains an issue
which may not be desirable for certain grid applications. Therefore,
we present an alternative identity-based approach called dynamic key
infrastructure for grid (DKIG). Our DKIG proposal combines both
identity-based techniques and the conventional PKI approach. In this
hybrid setting, each user publishes a fixed parameter set through a
standard X.509 certificate. Although X.509 certificates are involved
in DKIG, it is still more lightweight than the GSI as it enables the
derivation of both long-term and proxy credentials on-the-fly based
only on a fixed certificate.
We also revisit the notion of secret public keys which was
originally used as a cryptographic technique for designing secure
password-based authenticated key establishment protocols. We
introduce new password-based protocols using identity-based secret
public keys. Our identity-based techniques can be integrated
naturally with the standard TLS handshake protocol. We then discuss
how this TLS-like identity-based secret public key protocol can be
applied to securing interactions between users and credential
storage systems, such as MyProxy, within grid environments
Selected Papers from the First International Symposium on Future ICT (Future-ICT 2019) in Conjunction with 4th International Symposium on Mobile Internet Security (MobiSec 2019)
The International Symposium on Future ICT (Future-ICT 2019) in conjunction with the 4th International Symposium on Mobile Internet Security (MobiSec 2019) was held on 17–19 October 2019 in Taichung, Taiwan. The symposium provided academic and industry professionals an opportunity to discuss the latest issues and progress in advancing smart applications based on future ICT and its relative security. The symposium aimed to publish high-quality papers strictly related to the various theories and practical applications concerning advanced smart applications, future ICT, and related communications and networks. It was expected that the symposium and its publications would be a trigger for further related research and technology improvements in this field
Alpenhorn: Bootstrapping Secure Communication without Leaking Metadata
Alpenhorn is the first system for initiating an encrypted connection between two users that provides strong privacy and forward secrecy guarantees for metadata (i.e., information about which users connected to each other) and that does not require out-of-band communication other than knowing the other user's Alpenhorn username (email address). This resolves a significant shortcoming in all prior works on private messaging, which assume an out-of-band key distribution mechanism. Alpenhorn's design builds on three ideas. First, Alpenhorn provides each user with an address book of friends that the user can call to establish a connection. Second, when a user adds a friend for the first time, Alpenhorn ensures the adversary does not learn the friend's identity, by using identity-based encryption in a novel wayto privately determine the friend's public key. Finally, when calling a friend, Alpenhorn ensures forward secrecy of metadata by storing pairwise shared secrets in friends' address books, and evolving them over time, using a new keywheel construction. Alpenhorn relies on a number of servers, but operates in an anytrust model, requiring just one of the servers to be honest. We implemented a prototype of Alpenhorn, and integrated it into the Vuvuzela private messaging system (which did not previously provide privacy or forward secrecy of metadata when initiating conversations). Experimental results show that Alpenhorn can scale to many users, supporting 10 million users on three Alpenhorn servers with an average call latency of 150 seconds and a client bandwidth overhead of 3.7 KB/sec
Big data analytics: balancing individuals’ privacy rights andbusiness interests
This research thesis analyses and discusses the importance of having a legal framework that can control and manage the use of data during the Big Data analysis process.
The thesis firstly examines the data analytics technologies, such as Hadoop Distributed File System (HDFS) and the technologies that are used to protect data during the analytics process. Then there is an examination of the legal principles that are part of the new General Data Protection Regulation (GDPR), and the other laws that are in place in order to manage the new era of Big Data analytics. Both the legal principles Chapter and data analytics Chapter are part of the literature review.
The IT section of the literature review begins with an analysis of the data analytics technologies, such as HDFS and Map-Reduce. The second part consists of the technologies to protect privacy, especially with respect to protection during the data generation phase. Furthermore, there is a discussion on whether these current technologies are good enough to provide protection for personal data in the Big Data age.
The legal section of the literature review starts by discussing some risk mitigation schemes that can be used to help individuals protect their data. This is followed by an analysis of consent issues in the Big Data era and later by an examination of the important legal principles that can help to control the Big Data process and ultimately protect individuals’ personal data.
The motivation for carrying out this research was to examine how Big Data could have an effect on ordinary individuals, specifically with respect to how their data and privacy could be infringed during the data analytics process. This was done by bringing together the Big Data worlds from the legal and technological perspective. Also, by hearing the thoughts and views of those individuals who could be affected, and hearing from the experts who could shine a light on the realities in the Big Data era.
The research includes the analysis and results of three surveys, constituting over 100 respondents, who expressed their views on a number of issues, including their fears about privacy online. This included a survey of mainly closed questions for students at Canterbury Christ Church University, a survey monkey survey for students at University College Cork, in Ireland and finally a survey for students in Sri Lanka.
Questions were posed to some experts in areas of IT law and Big Data analytics and security. The results of these interviews were analysed and discussed, producing much debate with respect to what can be done to manage and protect citizens’ personal data privacy in the age of Big Data analytics. The software packages Statistical Package for the Social Sciences (SPSS) and Minitab were used to analyse the results of the surveys, while Qualitative Data Analysis Miner (QDA miner) software was used to analyse the results of the interviews