Security and Privacy Issues of Big Data

This chapter revises the most important aspects in how computing infrastructures should be configured and intelligently managed to fulfill the most notably security aspects required by Big Data applications. One of them is privacy. It is a pertinent aspect to be addressed because users share more and more personal data and content through their devices and computers to social networks and public clouds. So, a secure framework to social networks is a very hot topic research. This last topic is addressed in one of the two sections of the current chapter with case studies. In addition, the traditional mechanisms to support security such as firewalls and demilitarized zones are not suitable to be applied in computing systems to support Big Data. SDN is an emergent management solution that could become a convenient mechanism to implement security in Big Data systems, as we show through a second case study at the end of the chapter. This also discusses current relevant work and identifies open issues.Comment: In book Handbook of Research on Trends and Future Directions in Big Data and Web Intelligence, IGI Global, 201

End-to-End Privacy for Open Big Data Markets

The idea of an open data market envisions the creation of a data trading model to facilitate exchange of data between different parties in the Internet of Things (IoT) domain. The data collected by IoT products and solutions are expected to be traded in these markets. Data owners will collect data using IoT products and solutions. Data consumers who are interested will negotiate with the data owners to get access to such data. Data captured by IoT products will allow data consumers to further understand the preferences and behaviours of data owners and to generate additional business value using different techniques ranging from waste reduction to personalized service offerings. In open data markets, data consumers will be able to give back part of the additional value generated to the data owners. However, privacy becomes a significant issue when data that can be used to derive extremely personal information is being traded. This paper discusses why privacy matters in the IoT domain in general and especially in open data markets and surveys existing privacy-preserving strategies and design techniques that can be used to facilitate end to end privacy for open data markets. We also highlight some of the major research challenges that need to be address in order to make the vision of open data markets a reality through ensuring the privacy of stakeholders.Comment: Accepted to be published in IEEE Cloud Computing Magazine: Special Issue Cloud Computing and the La

Secure Federated Learning with a Homomorphic Encryption Model

Federated learning (FL) offers collaborative machine learning across decentralized devices while safeguarding data privacy. However, data security and privacy remain key concerns. This paper introduces "Secure Federated Learning with a Homomorphic Encryption Model," addressing these challenges by integrating homomorphic encryption into FL. The model starts by initializing a global machine learning model and generating a homomorphic encryption key pair, with the public key shared among FL participants. Using this public key, participants then collect, preprocess, and encrypt their local data. During FL Training Rounds, participants decrypt the global model, compute local updates on encrypted data, encrypt these updates, and securely send them to the aggregator. The aggregator homomorphic ally combines updates without revealing participant data, forwarding the encrypted aggregated update to the global model owner. The Global Model Update ensures the owner decrypts the aggregated update using the private key, updates the global model, encrypts it with the public key, and shares the encrypted global model with FL participants. With optional model evaluation, training can iterate for several rounds or until convergence. This model offers a robust solution to Florida data privacy and security issues, with versatile applications across domains. This paper presents core model components, advantages, and potential domain-specific implementations while making significant strides in addressing FL's data privacy concerns

HealthBlock: A Blockchain-IoT Fusion for Secure Healthcare Data Exchange

Managing healthcare data while ensuring its security and privacy is critical to providing quality care to patients. However, traditional approaches to healthcare data sharing have limitations, including the risk of data breaches and the lack of privacy-preserving mechanisms. This research paper proposes a novel hybrid blockchain-IoT approach for privacy-preserving healthcare data sharing that addresses these challenges. Our system incorporates a private blockchain for protected and tamper-proof data sharing, with privacy-preserving techniques such as differential privacy and homomorphic encryption to protect patient data. IoT devices are utilized to collect and transmit real-time data, equipped with privacy-preserving mechanisms such as data anonymization and secure transmission protocols. Our approach achieved an accuracy rate of 98% for access control and a 99.6% success rate for data privacy protection. Furthermore, our proposed system demonstrated improved data storage and retrieval performance, with a data storage overhead reduction of up to 86% and a data retrieval time reduction of up to 81%. These results indicate the potential of our approach to enhance the security, privacy, and efficiency of healthcare data management, contributing to improved patient care outcomes

A HYBRIDIZED ENCRYPTION SCHEME BASED ON ELLIPTIC CURVE CRYPTOGRAPHY FOR SECURING DATA IN SMART HEALTHCARE

Recent developments in smart healthcare have brought us a great deal of convenience. Connecting common objects to the Internet is made possible by the Internet of Things (IoT). These connected gadgets have sensors and actuators for data collection and transfer. However, if users' private health information is compromised or exposed, it will seriously harm their privacy and may endanger their lives. In order to encrypt data and establish perfectly alright access control for such sensitive information, attribute-based encryption (ABE) has typically been used. Traditional ABE, however, has a high processing overhead. As a result, an effective security system algorithm based on ABE and Fully Homomorphic Encryption (FHE) is developed to protect health-related data. ABE is a workable option for one-to-many communication and perfectly alright access management of encrypting data in a cloud environment. Without needing to decode the encrypted data, cloud servers can use the FHE algorithm to take valid actions on it. Because of its potential to provide excellent security with a tiny key size, elliptic curve cryptography (ECC) algorithm is also used. As a result, when compared to related existing methods in the literature, the suggested hybridized algorithm (ABE-FHE-ECC) has reduced computation and storage overheads. A comprehensive safety evidence clearly shows that the suggested method is protected by the Decisional Bilinear Diffie-Hellman postulate. The experimental results demonstrate that this system is more effective for devices with limited resources than the conventional ABE when the system’s performance is assessed by utilizing standard model

Privacy-Preserving Data in IoT-based Cloud Systems: A Comprehensive Survey with AI Integration

As the integration of Internet of Things devices with cloud computing proliferates, the paramount importance of privacy preservation comes to the forefront. This survey paper meticulously explores the landscape of privacy issues in the dynamic intersection of IoT and cloud systems. The comprehensive literature review synthesizes existing research, illuminating key challenges and discerning emerging trends in privacy preserving techniques. The categorization of diverse approaches unveils a nuanced understanding of encryption techniques, anonymization strategies, access control mechanisms, and the burgeoning integration of artificial intelligence. Notable trends include the infusion of machine learning for dynamic anonymization, homomorphic encryption for secure computation, and AI-driven access control systems. The culmination of this survey contributes a holistic view, laying the groundwork for understanding the multifaceted strategies employed in securing sensitive data within IoT-based cloud environments. The insights garnered from this survey provide a valuable resource for researchers, practitioners, and policymakers navigating the complex terrain of privacy preservation in the evolving landscape of IoT and cloud computingComment: 33 page

Securing IoT with Trusted Authority Validation in Homomorphic Encryption Technique with ABE

Existing security system includes levels of encryption. IoT access is very important aspect. Failure of IoT security can cause more risks of physical and logical damage. IoT contain both functionalities including physical or computational process. In proposed approach, levels of encryption are enhanced by increasing levels of security. User can access IoT through central trusted authority only. Instead of actual data like user credentials or I/O functionality of Internet of things, encrypted data is delivered. Trusted authorities are been involved in secured IoT access structure by considering their credentials. Trusted authority is selected randomly, based on randomized selection algorithm. Based on secured logic, decryption key will be delivered to the IoT through separate channel by trusted authority. Session management has been added by considering initial and waiting time after which all encryption or decryption data will be expired. Homomorphism is applied in encryption process where proposed logic is applied on considered data after which again RSA algorithm is applied. Overall, proposed logical approach, homomorphism, session management, secured access structure and trusted authority involvement improves the security level in IoT access process

Two sides of data protection: Examining the complex and political nature to the personal data transfers between the European Union and the United States

This thesis investigates the complexity and the political aspects of the data protection. This thesis is viewed from the perspective of international transfers of personal data between the European Union and the United States. These two parties were chosen because of the special role each one has - the US in the cloud storages and the EU in the privacy regulation sphere. The thesis follows legal dogmatic methodology based on legal and doctrinal research materials with a focus on the importance of well- functioning data protection legislation by placing an interest towards technology-based approach rather than political. The thesis contains in-depth analysis on the history of EU’s data protection legislation and to events that have influenced it trying to answer the question what is wrong and why. Furthermore, the thesis attempts to resolve underlying problems with the current data protection legislation and analyse whether technological innovations could be used to our benefit. The thesis reaches the result that the possibility of having political sway in the data protection legislation has an impact and does not resolve the underlying problem of trust. Furthermore, technological innovations such as Fully Homomorphic Encryption could be used to resolve, at least partially, the problems faced in data protection. I reached the conclusion that if the EU chooses not to go with technology based problem-solving methods, adequacy decisions should be approved by the European Data Protection instead of the European Commission