Ex-HABE with User Accountability for Secure Access Control in Cloud

Data outsourcing is becoming a useful and feasible paradigm with the rapid application of service-oriented technologies. Many researchers have tried combination of access control and cryptography to propose a model to protect sensitive information in this outsourcing scenario. However, these combinations in existing approaches have difficulty in key management and key distribution when fine-grained data access is required. Taking the complexity of fine-grained access control policy and the wide-reaching users of cloud in account, this issue would become extremely difficult to iron out. Various system models using attribute-based encryption (ABE) have been proposed however, most of them suffer from heavy overhead in implementing the access control policies. In this paper, a system is proposed with extended hierarchical attribute-based encryption (HABE) by using ciphertext-policy attribute-based encryption (ABE). It uses the hierarchical structure of users and bilinear mapping for generating the keys for various data handlers. Also the system focuses on user tracking by allocating an unique id to user. The system uses traitor tracing along with separation of duty made available by HABE and reduces the scope of key abuse. It is formally proved extended HABE with traitor tracing adds on to user accountability if user tracking for resource is maintained for hierarchical systems. DOI: 10.17762/ijritcc2321-8169.16042

Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges

open access articleThis paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including, attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture

Long-Term Confidential Secret Sharing-Based Distributed Storage Systems

Secret sharing-based distributed storage systems can provide long-term protection of confidentiality and integrity of stored data. This is achieved by periodically refreshing the stored shares and by checking the validity of the generated shares through additional audit data. However, in most real-life environments (e.g. companies), this type of solution is not optimal for three main reasons. Firstly, the access rules of state of the art secret sharing-based distributed storage systems do not match the hierarchical organization in place in these environments. Secondly, data owners are not supported in selecting the most suitable storage servers while first setting up the system nor in maintaining it secure in the long term. Thirdly, state of the art approaches require computationally demanding and unpractical and expensive building blocks that do not scale well. In this thesis, we mitigate the above mentioned issues and contribute to the transition from theory to more practical secret sharing-based long-term secure distributed storage systems. Firstly, we show that distributed storage systems can be based on hierarchical secret sharing schemes by providing efficient and secure algorithms, whose access rules can be adapted to the hierarchical organization of a company and its future modifications. Secondly, we introduce a decision support system that helps data owners to set up and maintain a distributed storage system. More precisely, on the one hand, we support data owners in selecting the storage servers making up the distributed storage system. We do this by providing them with scores that reflect their actual performances, here used in a broad sense and not tied to a specific metric. These are the output of a novel performance scoring mechanism based on the behavioral model of rational agents as opposed to the classical good/bad model. On the other hand, we support data owners in choosing the right secret sharing scheme parameters given the performance figures of the storage servers and guide them in updating them accordingly with the updated performance figures so as to maintain the system secure in the long term. Thirdly, we introduce efficient and affordable distributed storage systems based on a trusted execution environment that correctly outsources the data and periodically computes valid shares. This way, less information-theoretically secure channels have to be established for confidentiality guarantees and more efficient primitives are used for the integrity safeguard of the data. We present a third-party privacy-preserving mechanism that protects the integrity of data by checking the validity of the shares

A patient agent controlled customized blockchain based framework for internet of things

Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensors generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services(DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustics signals are the communication media leading to high propagation delays, high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning to each contribution have been implemented and analysed using simulators.Doctor of Philosoph

Performance Evaluation of three Data Access Control Schemes for Cloud Computing

Cloud services are flourishing recently, both among computer users and business enterprises. They deliver remote, on-demand, convenient services for data storage, access and processing. While embracing the benefits brought by various cloud services, the consumers are faced with data disclosure, privacy leaks and malicious attacks. Therefore, it is important to use strong access control policies to maintain the security and confidentiality of the data stored in the cloud. This thesis studies the performance of three existing security schemes proposed for cloud data access control on the basis of trust and reputation. We implement the three schemes and conduct computation complexity analysis, security analysis and performance evaluation. This thesis introduces the implementation of a number of cryptographic algorithms applied in the above data access control schemes, including Proxy Re-encryption (PRE) and Ciphertext-Policy Attribute Based Encryption (CP-ABE), reputation generation and secure data transmission over Secure Socket Layer (SSL). We summarize the evaluation results and compare the performances in the aspects of computation and communication costs, flexibility, scalability and feasibility of practical usage. Pros and cons, as well as suitable application scenarios of the three schemes are further discussed

Blockchain-based secure and efficient secret image sharing with outsourcing computation in wireless networks

Secret Image Sharing (SIS) is the technology that shares any given secret image by generating and distributing n shadow images in the way that any subset of k shadow images can restore the secret image. However, in the existing SIS schemes, the shadow images will be easily tampered and corrupted during the communication, which will pose serious security issues. Recently, blockchain has emerged as a promising paradigm in the field of data communication and information security. To securely communicate and effectively protect the secret image data in wireless networks, we propose a Blockchain-based Secure and Efficient Secret Image Sharing (BC-SESIS) scheme with outsourcing computation in wireless networks. In the proposed BC-SESIS scheme, the shadow images are encrypted and stored in the blockchain to prevent them from being tampered and corrupted. The identity authentication-enabled smart contract is deployed to achieve the ( k, n ) threshold for secret image restoring. Furthermore, to reduce the computational burden of smart contract and users, an efficient outsourcing computation method is designed to outsource the restoring task, which is securely implemented by agent miners in the encryption domain. Theoretical analysis and extensive experiments demonstrate that the BC-SESIS scheme can achieve desirable communication security and high computational efficiency in the wireless networks

Security and Privacy Attribute Based Data Sharing in Public Cloud Storage

Public cloud storage is a cloud storage model that give services to people and associations to store, alter and oversee data. Public cloud storage benefit is otherwise called storage benefit, utility storage and online storage. Cloud storage has numerous focal points, there is still stay different difficulties among which protection and security of clients data have significant issues in public cloud storage. Attribute Based Encryption (ABE) is a cryptographic system which gives data proprietor coordinate control over their data in public cloud storage. In the customary ABE conspire include single authority to keep up attribute set which can bring a solitary point bottleneck on both security and execution. Presently we utilize edge multi-authority Cipher content Policy Attribute-Based Encryption (CP-ABE) get to control plot, name TMACS. TMACS is Threshold Multi-Authority Access Control System. In TMACS, different authority mutually deals with the entire attribute set yet nobody has full control of a particular attribute. By joining limit secret sharing (t,n) and multi-authority CP-ABE conspire, we created dynamic multiauthority get to control framework in public cloud storage