376,328 research outputs found

    An efficient solution for privacy-preserving, secure remote access to sensitive data

    Sharing data that contains personally identifiable or sensitive information, such as medical records, always has privacy and security implications. The issues can become rather complex when the methods of access can vary, and accurate individual data needs to be provided whilst mass data release for specific purposes (for example for medical research) also has to be catered for. Although various solutions have been proposed to address the different aspects individually, a comprehensive approach is highly desirable. This paper presents a solution for maintaining the privacy of data released en masse in a controlled manner, and for providing secure access to the original data for authorized users. The results show that the solution is provably secure and maintains privacy in a more efficient manner than previous solutions

    Generating Private Recommendation System Using Multiple Homomorphic Encryption Scheme

    The recommender system is an important tool in online applications for generating recommendation services. Recommendations are generated by collecting the data from users' needs; online services access the users' profiles for generating useful recommendations. Privacy-sensitive data is used to collect the data. The collaborative filtering technique gives privacy for sensitive data if the data is misused by other service providers or leaked. The existing system uses the Paillier encryption algorithm and the DGK algorithm to secure user data from a malicious third party as well as to protect the private data against the service provider, but the system is more complex and inefficient. The proposed system protects the privacy of the user by encrypting the sensitive data. The system uses multiple homomorphic algorithms to secure user data from service providers. The system is used to protect the confidential data of the user against the service provider while providing online services. Encrypting private data is recommended, with processing on the data to generate recommendations. The aim is to construct an efficient system that does not require the active participation of the user. The experiment shows that the result provides security by hiding the personal data of the user from a third party.
    DOI: 10.17762/ijritcc2321-8169.15076

    Hardware Design and Implementation of Role-Based Cryptography

    Traditional public key cryptographic methods provide access control to sensitive data by allowing the message sender to grant a single recipient permission to read the encrypted message. The Need2Know® system (N2K) improves upon these methods by providing role-based access control. N2K defines data access permissions similar to those of a multi-user file system, but N2K strictly enforces access through cryptographic standards. Since custom hardware can efficiently implement many cryptographic algorithms and can provide additional security, N2K stands to benefit greatly from a hardware implementation. To this end, the main N2K algorithm, the Key Protection Module (KPM), is being specified in VHDL. The design is being built and tested incrementally: this first phase implements the core control logic of the KPM without integrating its cryptographic sub-modules. Both RTL simulation and formal verification are used to test the design. This is the first N2K implementation in hardware, and it promises to provide an accelerated and secured alternative to the software-based system. A hardware implementation is a necessary step toward highly secure and flexible deployments of the N2K system

    Concept of Trusted Transaction for Secure Cloud Transactions

    In this project, we are providing accuracy and improving the performance of cloud transactions in a distributed transactional database system deployed over cloud servers. Data transfer from one system to another means data will be transferred from the system to the database through a third-party service; this third party provides the service of the transaction manager. Distributed transactional data stored in the database is accessible to one or more systems or suitable users (it is not a system-to-system connection but a database to user, client and cloud server connection). The transaction manager checks whether the users and clients have the privileges by checking their credentials, and based on that he gives permissions. This is called a host connection (cloud server) for data access. Storing the data in a cloud server means it is global storage that anyone can access after being checked by the policy-based authorization system, which protects the sensitive data. It enables only suitable users to access the data. The Two-Phase Validation Commit (2PVC) protocol ensures that a transaction is safe and secure by checking if the user is authorized or not and then checking again if he has permissions or not. This improves the security and performance

    SecureKeeper: confidential ZooKeeper using Intel SGX

    Cloud computing, while ubiquitous, still suffers from trust issues, especially for applications managing sensitive data. Third-party coordination services such as ZooKeeper and Consul are fundamental building blocks for cloud applications, but are exposed to potentially sensitive application data. Recently, hardware trust mechanisms such as Intel's Software Guard Extensions (SGX) offer trusted execution environments to shield application data from untrusted software, including the privileged Operating System (OS) and hypervisors. Such hardware support suggests new options for securing third-party coordination services. We describe SecureKeeper, an enhanced version of the ZooKeeper coordination service that uses SGX to preserve the confidentiality and basic integrity of ZooKeeper-managed data. SecureKeeper uses multiple small enclaves to ensure that (i) user-provided data in ZooKeeper is always kept encrypted while not residing inside an enclave, and (ii) essential processing steps that demand plaintext access can still be performed securely. SecureKeeper limits the required changes to the ZooKeeper code base and relies on Java's native code support for accessing enclaves. With an overhead of 11%, the performance of SecureKeeper with SGX is comparable to ZooKeeper with secure communication, while providing much stronger security guarantees with a minimal trusted code base of a few thousand lines of code

    Cryptographic Tools for Privacy Preservation

    Data permeates every aspect of our daily life and it is the backbone of our digitalized society. Smartphones, smartwatches and many more smart devices measure, collect, modify and share data in what is known as the Internet of Things. Often, these devices don’t have enough computation power/storage space, thus outsourcing some aspects of the data management to the Cloud. Outsourcing computation/storage to a third party poses natural questions regarding the security and privacy of the shared sensitive data. Intuitively, Cryptography is a toolset of primitives/protocols of which security properties are formally proven, while Privacy typically captures additional social/legislative requirements that relate more to the concept of “trust” between people, “how” data is used and/or “who” has access to data. This thesis separates the concepts by introducing an abstract model that classifies data leaks into different types of breaches. Each class represents a specific requirement/goal related to cryptography, e.g. confidentiality or integrity, or related to privacy, e.g. liability, sensitive data management and more. The thesis contains cryptographic tools designed to provide privacy guarantees for different application scenarios. In more detail, the thesis: (a) defines new encryption schemes that provide formal privacy guarantees such as theoretical privacy definitions like Differential Privacy (DP), or concrete privacy-oriented applications covered by existing regulations such as the European General Data Protection Regulation (GDPR); (b) proposes new tools and procedures for providing verifiable computation’s guarantees in concrete scenarios for post-quantum cryptography or generalisation of signature schemes; (c) proposes a methodology for utilising Machine Learning (ML) for analysing the effective security and privacy of a crypto-tool and, dually, proposes a secure primitive that allows computing specific ML algorithm in a privacy-preserving way; (d) provides an alternative protocol for secure communication between two parties, based on the idea of communicating in a periodically timed fashion

    An Embedded Biometric Sensor for Ubiquitous Authentication

    Communication networks and distributed technologies move people towards the era of ubiquitous computing. A ubiquitous environment needs many authentication sensors for user recognition, in order to provide a secure infrastructure for both user access to resources and services and information management. Today the security requirements must ensure secure and trusted user information to protect sensitive data resource access, and they could be used for user traceability inside the platform. Conventional authentication systems, based on username and password, are in crisis since they are not able to guarantee a suitable security level for several applications. Biometric authentication systems represent a valid alternative to the conventional authentication systems, providing a flexible infrastructure towards an integrated solution supporting the requirement for improved inter-organizational functionality. In this work the study and the implementation of a fingerprint-based embedded biometric system is proposed. Typical strategies implemented in Identity Management Systems could be useful to protect biometric information. The proposed sensor can be seen as a self-contained sensor: it performs all the elaboration steps on board, a necessary requisite to strengthen security, so that sensitive data are securely managed and stored inside the sensor, without any data leaking out. The sensor has been prototyped via an FPGA-based platform, achieving fast execution time and a good final throughput. Resources used and elaboration times of the sensor are reported. Finally, recognition rates of the proposed embedded biometric sensor have been evaluated considering three different databases: the FVC2002 reference database, the CSAI/Biometrika proprietary database, and the CSAI/Secugen proprietary database. The best achieved FAR and FRR indexes are respectively 1.07% and 8.33%, with an elaboration time of 183.32 ms and a working frequency of 22.5 MHz