Roadmap on optical security

Postprint (author's final draft

C-NEST: cloudlet based privacy preserving multidimensional data stream approach for healthcare electronics.

The Medical Internet of Things (MIoT) facilitates extensive connections between cyber and physical "things" allowing for effective data fusion and remote patient diagnosis and monitoring. However, there is a risk of incorrect diagnosis when data is tampered with from the cloud or a hospital due to third-party storage services. Most of the existing systems use an owner-centric data integrity verification mechanism, which is not computationally feasible for lightweight wearable-sensor systems because of limited computing capacity and privacy leakage issues. In this regard, we design a 2-step Privacy-Preserving Multidimensional Data Stream (PPMDS) approach based on a cloudlet framework with an Uncertain Data-integrity Optimization (UDO) model and Sparse-Centric SVM (SCS) model. The UDO model enhances health data security with an adaptive cryptosystem called Cloudlet-Nonsquare Encryption Secret Transmission (C-NEST) strategy by avoiding medical disputes during data streaming based on novel signature and key generation strategies. The SCS model effectively classifies incoming queries for easy access to data by solving scalability issues. The cloudlet server measures data integrity and authentication factors to optimize third-party verification burden and computational cost. The simulation outcomes show that the proposed system optimizes average data leakage error rate by 27%, query response time and average data transmission time are reduced by 31%, and average communication-computation cost are reduced by 61% when measured against state-of-the-art approaches

Continuous Operator Authentication for Teleoperated Systems Using Hidden Markov Models [post-print]

In this article, we present a novel approach for continuous operator authentication in teleoperated robotic processes based on Hidden Markov Models (HMM). While HMMs were originally developed and widely used in speech recognition, they have shown great performance in human motion and activity modeling. We make an analogy between human language and teleoperated robotic processes (i.e., words are analogous to a teleoperator\u27s gestures, sentences are analogous to the entire teleoperated task or process) and implement HMMs to model the teleoperated task. To test the continuous authentication performance of the proposed method, we conducted two sets of analyses. We built a virtual reality (VR) experimental environment using a commodity VR headset (HTC Vive) and haptic feedback enabled controller (Sensable PHANToM Omni) to simulate a real teleoperated task. An experimental study with 10 subjects was then conducted. We also performed simulated continuous operator authentication by using the JHU-ISI Gesture and Skill Assessment Working Set (JIGSAWS). The performance of the model was evaluated based on the continuous (real-time) operator authentication accuracy as well as resistance to a simulated impersonation attack. The results suggest that the proposed method is able to achieve 70% (VR experiment) and 81% (JIGSAWS dataset) continuous classification accuracy with as short as a 1-second sample window. It is also capable of detecting an impersonation attack in real-time

Improved Internet Security Protocols Using Cryptographic One-Way Hash Chains

In this dissertation, new approaches that utilize the one-way cryptographic hash functions in designing improved network security protocols are investigated. The proposed approaches are designed to be scalable and easy to implement in modern technology. The first contribution explores session cookies with emphasis on the threat of session hijacking attacks resulting from session cookie theft or sniffing. In the proposed scheme, these cookies are replaced by easily computed authentication credentials using Lamport\u27s well-known one-time passwords. The basic idea in this scheme revolves around utilizing sparse caching units, where authentication credentials pertaining to cookies are stored and fetched once needed, thereby, mitigating computational overhead generally associated with one-way hash constructions. The second and third proposed schemes rely on dividing the one-way hash construction into a hierarchical two-tier construction. Each tier component is responsible for some aspect of authentication generated by using two different hash functions. By utilizing different cryptographic hash functions arranged in two tiers, the hierarchical two-tier protocol (our second contribution) gives significant performance improvement over previously proposed solutions for securing Internet cookies. Through indexing authentication credentials by their position within the hash chain in a multi-dimensional chain, the third contribution achieves improved performance. In the fourth proposed scheme, an attempt is made to apply the one-way hash construction to achieve user and broadcast authentication in wireless sensor networks. Due to known energy and memory constraints, the one-way hash scheme is modified to mitigate computational overhead so it can be easily applied in this particular setting. The fifth scheme tries to reap the benefits of the sparse cache-supported scheme and the hierarchical scheme. The resulting hybrid approach achieves efficient performance at the lowest cost of caching possible. In the sixth proposal, an authentication scheme tailored for the multi-server single sign-on (SSO) environment is presented. The scheme utilizes the one-way hash construction in a Merkle Hash Tree and a hash calendar to avoid impersonation and session hijacking attacks. The scheme also explores the optimal configuration of the one-way hash chain in this particular environment. All the proposed protocols are validated by extensive experimental analyses. These analyses are obtained by running simulations depicting the many scenarios envisioned. Additionally, these simulations are supported by relevant analytical models derived by mathematical formulas taking into consideration the environment under investigation

The Internet of Everything

In the era before IoT, the world wide web, internet, web 2.0 and social media made people’s lives comfortable by providing web services and enabling access personal data irrespective of their location. Further, to save time and improve efficiency, there is a need for machine to machine communication, automation, smart computing and ubiquitous access to personal devices. This need gave birth to the phenomenon of Internet of Things (IoT) and further to the concept of Internet of Everything (IoE)