26 research outputs found

    SUPA: Strewn user-preserved authentication

    Objective – This paper presents the high level conceptual architecture of SUPA, an authentication system that would allow a system to authenticate users without having its own repository of users’ secret identification related data. Methodology/Technique – Central storage and management of user credentials or passwords leave a single tempting repository for the attackers. If the credentials are not stored by a system at all, there will be no stored ‘vault’ to allure the attackers. At the same time, there will be no single resource that holds the credentials of all users of a system. SUPA enables a system to authenticate its users without having their secret credentials stored in it. Findings – The proposed authentication system uses the features of asymmetric encryption as part of its authentication process. Novelty – SUPA eliminates the requirement of secret user credentials at the system end; the user credentials are retained within the end-user’s devices.

    SUPA: Strewn User-Preserved Authentication

    Central storage and management of user credentials or passwords leaves a single tempting repository for the attackers. If the credentials are not stored by a system at all, there will be no stored ‘vault’ to allure the attackers. At the same time, there will be no single resource that holds the credentials of all users of a system. This paper presents the high level conceptual architecture of SUPA, an authentication system that would allow a system to authenticate users without having its own repository of users’ credentials. SUPA enables a system to authenticate its users without having their credentials stored in it. The proposed authentication system uses the features of asymmetric encryption as part of its authentication process.

    Anonymous Authentication Against Man-In-The-Middle Attack

    Evolving enterprise in application and data with flexible and scalable infrastructure in cloud services could improve efficiency and productivity of a business operation. Cloud services also offer resource sharing, data storage and application platform as on-demand services that could reduce the operational expenditure. Nevertheless, increasing usage and accessibility to the cloud services require strong security control to preserve user’s privacy and data integrity due to network communication vulnerabilities. There are many possible attacks that could cause security breach and abuse the user’s identity, leading to illegal access to the server. Man-in-the-middle attack is one of the attacks that can intercept communication between users and collect all users’ information. The attacker can misuse the information and act as a legal user to gain access to the system. It is a big challenge to preserve user’s privacy and provide protection from malicious attack. This paper proposes an anonymous authentication scheme to preserve user’s privacy and provide protection to such possible attacks. The proposed scheme also provides secure mutual authentication, anonymity, session key establishment and non-dependency with the third party. The proposed scheme uses password-based authentication as an authentication method with anonymity feature to preserve user’s privacy. Experiment was conducted to test and validate the proposed scheme with man-in-the-middle attack. The result of the experiment shows that the proposed scheme is able to provide the privacy to mitigate and successfully preserve the user’s identity from the attack.

    Contents


    Semantic medical care in smart cities

    Medical care is a vitally important part of successful smart cities further development. High quality medical treatment has always been a challenging task for administrative departments of cities government. The key reason is that the treatment of patients significantly depends on the skills of medical staff that can hardly be controlled and estimated. Semantic technologies by now have shown capabilities to solve highly complicated badly formalized problems in conditions of uncertainty. It makes it reasonable to apply them in medical domain. In the paper a real example of information system for semantic medical care is presented. The system is being developed for Federal Almazov North-West Medical Research Centre in St-Petersburg, Russia (http://www.almazovcentre.ru/?lang=en). The main attention is paid to the proposed solution for the problem of medical treatment estimation in administrative and managerial departments. We focus on medical treatment examinations matching, trend analysis and administrative analytical and prediction task solving making use of semantic technologies, statistical analysis and deep learning applied to huge amounts of diverse data. Semantic medical data analysis project is an attempt to proceed to semantic medicine - an interoperable approach to medical domain area.

    Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials

    Electronic tickets (e-tickets) are electronic versions of paper tickets, which enable users to access intended services and improve services' efficiency. However, privacy may be a concern of e-ticket users. In this paper, a privacy-preserving electronic ticket scheme with attribute-based credentials is proposed to protect users' privacy and facilitate ticketing based on a user's attributes. Our proposed scheme makes the following contributions: (1) users can buy different tickets from ticket sellers without releasing their exact attributes; (2) two tickets of the same user cannot be linked; (3) a ticket cannot be transferred to another user; (4) a ticket cannot be double spent; (5) the security of the proposed scheme is formally proven and reduced to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme has been implemented and its performance empirically evaluated. To the best of our knowledge, our privacy-preserving attribute-based e-ticket scheme is the first one providing these five features. Application areas of our scheme include event or transport tickets where users must convince ticket sellers that their attributes (e.g. age, profession, location) satisfy the ticket price policies to buy discounted tickets. More generally, our scheme can be used in any system where access to services is only dependent on a user's attributes (or entitlements) but not their identities. Comment: 18 pages, 6 figures, 2 tables

    Exploring Predicate Based Access Control for Cloud Workflow Systems

    Authentication and authorization are the two crucial functions of any modern security and access control mechanisms. Authorization for controlling access to resources is a dynamic characteristic of a workflow system which is based on true business dynamics and access policies. Allowing or denying a user to gain access to a resource is the cornerstone for successful implementation of security and controlling paradigms. Role based and attribute based access control are the existing mechanisms widely used. As per these schemes, any user with given role or attribute respectively is granted applicable privileges to access a resource. There is a third approach known as predicate based access control which is less explored. We intend to throw light on this as it provides more fine-grained control over resources besides being able to complement with existing approaches. In this paper we proposed a predicate-based access control mechanism that caters to the needs of cloud-based workflow systems.

    SERCON-BASED TIMESTAMPED VIRTUAL MACHINE MIGRATION SCHEME FOR CLOUD

    With the advent of cloud computing, the need for deploying multiple virtual machines (VMs) on multiple hosts to address the ever-increasing user demands for services has raised concerns regarding energy consumption. Considerable energy is consumed while keeping the data centers with a large number of servers active. However, in data centers, there are cases where these servers may not get utilized efficiently. There can be servers that consume sufficient energy while running resources for a small task (demanding fewer resources), but there can also be servers that receive user requests so frequently that resources may be exhausted, and the server becomes unable to fulfill requests. In such a scenario, there is an urgent need to conserve energy and resources which is addressed by performing server consolidation. Server consolidation aims to reduce the total number of active servers in the cloud such that performance does not get compromised as well as energy is conserved in an attempt to make each server run to its maximum. This is done by reducing the number of active servers in a data center by transferring the workload of one or more VM(s) from one server to another, referred to as VM Migration (VMM). During VMM, time is supposed as a major constraint for effective and user-transparent migration. Thus, this paper proposes a novel VM migration strategy considering time sensitivity as a primary constraint. The aim of the proposed Time Sensitive Virtual Machine Migration (TS-VMM) is to reduce the number of migrations to a minimum with effective cost optimization and maximum server utilization

    Success factors affecting the healthcare professionals to utilize cloud computing services

    Integrating the new technologies to improve the healthcare services can be seen as one of the research trends nowadays, as earlier studies have recommended the potential of emerging technologies in enhancing healthcare service practices by means of providing more opportunities to carry out activities essential for prevention, diagnosis, monitoring, and treatment of the disease. Involving the cloud computing services in healthcare domain can offer a way for handling and maintaining health data by making use of software applications hosted on the Internet. To ensure successful cloud computing utilization, a pre-examination on the context of usage should be applied in order to collect the real needs to guarantee getting all the possible benefits of this technology. In Iraq, the health records of public hospitals consist of various types of data which continue to increase in velocity, volume, and variety progressively. This has led to several major issues to the health sectors from two perspectives, data complexity and low IT integrity. For that reason, managing and maintaining all these health data are essential to healthcare organizations. In this paper, we collected the success factors that may influence the healthcare professionals to utilize cloud computing services for the health sector in Iraq. This is done by conducting an interview with 30 physicians and technicians from four hospitals in Iraq, then a literature survey was carried out to verify that all the gathered factors are within the circumstance of healthcare. It has been found that eight factors may affect the perspective of healthcare professionals to utilize cloud computing services. Finally, a conceptual model was developed based on the findings

    An access control and authorization model with Open stack cloud for Smart Grid

    In comparison to Authentication for identification and relationship of an identity of a user with its task and process within the system, authorization in access control is much anxious about confirming that user and its task in the form of system process, access to the assets of any particular domain is only approved when proven obedient to the identified policies. Access control and authorization is always an area of interest for researchers for enhancing security of critical assets from many decades. Our prime focus and interest is in the field of access control model based on Attribute-based access control (ABAC) and with this paper we tried to integrate ABAC with OpenStack cloud for achieving finer level of granularity in access policies for domain like smart grid. Technical advancement of current era demands that critical infrastructure like traditional electrical grid opens up to the modern information and communication technology to get the benefit in terms of efficiency, scalability, accessibility and transparency for better adaptability in real world. Incorporation of ICT with electric grid makes it possible to do greater level of bi-directional interaction among stakeholders like customer, generation units, distribution units and administrations and this leads international organization to contribute for standardization of smart grid concepts and technology so that the realization of smart grid becomes reality. Smart grid is a distributed system of very large scale by its nature and needs to integrate available legacy systems with its own security requirements. Cloud computing has proven to be most efficient approach for said requirements and we have identified OpenStack as our cloud platform. We have integrated ABAC approach with default RBAC approach of OpenStack and provide a framework that supports and integrates multiple access control policies in making authorization decisions. Smart grid domain is considered as case study which requires support of multiple access policies (RBAC, ABAC or DAC etc) with our model for access control and authorization.