725 research outputs found
Attribute-based encryption for cloud computing access control: A survey
National Research Foundation (NRF) Singapore; AXA Research Fun
Droplet: Decentralized Authorization for IoT Data Streams
This paper presents Droplet, a decentralized data access control service,
which operates without intermediate trust entities. Droplet enables data owners
to securely and selectively share their encrypted data while guaranteeing data
confidentiality against unauthorized parties. Droplet's contribution lies in
coupling two key ideas: (i) a new cryptographically-enforced access control
scheme for encrypted data streams that enables users to define fine-grained
stream-specific access policies, and (ii) a decentralized authorization service
that handles user-defined access policies. In this paper, we present Droplet's
design, the reference implementation of Droplet, and experimental results of
three case-study apps atop of Droplet: Fitbit activity tracker, Ava health
tracker, and ECOviz smart meter dashboard
Secure Data Communication in Autonomous V2X Systems
In Vehicle-to-Everything (V2X) communication systems, vehicles as well as infrastructure devices can interact and exchange data with each other. This capability is used to implement intelligent transportation systems applications. Data confidentiality and integrity need to be preserved in unverified and untrusted environments. In this paper, we propose a solution that provides (a) role-based and attribute-based access control to encrypted data and (b) encrypted search over encrypted data. Vehicle Records contain sensitive information about the owners and vehicles in encrypted form with attached access control policies and policy enforcement engine. Our solution supports decentralized and distributed data exchange, which is essential in V2X systems, where a Central Authority is not required to enforce access control policies. Furthermore, we facilitate querying encrypted Vehicle Records through Structured Query Language (SQL) queries. Vehicle Records are stored in a database in untrusted V2X cloud environment that is prone to provide the attackers with a large attack surface. Big datasets, stored in cloud, can be used for data analysis, such as traffic pattern analysis. Our solution protects sensitive vehicle and owner information from curious or malicious information cloud administrators. Support of indexing improves performance of queries that are forwarded to relevant encrypted Vehicle Records, which are stored in the cloud. We measure the performance overhead of our security solution based on self-protecting Vehicle Records with encrypted search capabilities in V2X communication systems and analyze the effect of security over safety
T3AB: Transparent and Trustworthy Third-party Authority using Blockchain
Increasingly, information systems rely on computational, storage, and network
resources deployed in third-party facilities or are supported by service
providers. Such an approach further exacerbates cybersecurity concerns
constantly raised by numerous incidents of security and privacy attacks
resulting in data leakage and identity theft, among others. These have in turn
forced the creation of stricter security and privacy related regulations and
have eroded the trust in cyberspace. In particular, security related services
and infrastructures such as Certificate Authorities (CAs) that provide digital
certificate service and Third-Party Authorities (TPAs) that provide
cryptographic key services, are critical components for establishing trust in
Internet enabled applications and services. To address such trust issues,
various transparency frameworks and approaches have been recently proposed in
the literature. In this paper, we propose a Transparent and Trustworthy TPA
using Blockchain (T3AB) to provide transparency and accountability to the
trusted third-party entities, such as honest-but-curious third-party IaaS
servers, and coordinators in various privacy-preserving machine learning (PPML)
approaches. T3AB employs the Ethereum blockchain as the underlying public
ledger and also includes a novel smart contract to automate accountability with
an incentive mechanism that motivates participants' to participate in auditing,
and punishes unintentional or malicious behaviors. We implement T3AB, and show
through experimental evaluation in the Ethereum official test network, Rinkeby,
that the framework is efficient. We also formally show the security guarantee
provided by T3AB, and analyze the privacy guarantee and trustworthiness it
provides
reclaimID: Secure, Self-Sovereign Identities using Name Systems and Attribute-Based Encryption
In this paper we present reclaimID: An architecture that allows users to
reclaim their digital identities by securely sharing identity attributes
without the need for a centralised service provider. We propose a design where
user attributes are stored in and shared over a name system under user-owned
namespaces. Attributes are encrypted using attribute-based encryption (ABE),
allowing the user to selectively authorize and revoke access of requesting
parties to subsets of his attributes. We present an implementation based on the
decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE
using type-1 pairings. To show the practicality of our implementation, we
carried out experimental evaluations of selected implementation aspects
including attribute resolution performance. Finally, we show that our design
can be used as a standard OpenID Connect Identity Provider allowing our
implementation to be integrated into standard-compliant services.Comment: 12 page
- …