An Effective Private Data storage and Retrieval System using Secret sharing scheme based on Secure Multi-party Computation

Privacy of the outsourced data is one of the major challenge.Insecurity of the network environment and untrustworthiness of the service providers are obstacles of making the database as a service.Collection and storage of personally identifiable information is a major privacy concern.On-line public databases and resources pose a significant risk to user privacy, since a malicious database owner may monitor user queries and infer useful information about the customer.The challenge in data privacy is to share data with third-party and at the same time securing the valuable information from unauthorized access and use by third party.A Private Information Retrieval(PIR) scheme allows a user to query database while hiding the identity of the data retrieved.The naive solution for confidentiality is to encrypt data before outsourcing.Query execution,key management and statistical inference are major challenges in this case.The proposed system suggests a mechanism for secure storage and retrieval of private data using the secret sharing technique.The idea is to develop a mechanism to store private information with a highly available storage provider which could be accessed from anywhere using queries while hiding the actual data values from the storage provider.The private information retrieval system is implemented using Secure Multi-party Computation(SMC) technique which is based on secret sharing. Multi-party Computation enable parties to compute some joint function over their private inputs.The query results are obtained by performing a secure computation on the shares owned by the different servers.Comment: Data Science & Engineering (ICDSE), 2014 International Conference, CUSA

Third Party Risk Management and Cyber Supply Chain Risk Management

Today’s business environment continues to be a challenge. Businesses whether small, or large leverage third-party vendors to provide critical services like data handling (security, transmitting, and storage), cloud storage/applications, and systems security monitoring. Each business must ask themselves a few simple questions about one of their most valuable assets “Data”. If or when it leaves your secure working environment: How secure is your customer data in transit and storage? Do your third-party vendors handle your “critical information”? Provide a secure environment for processing? Comply with a proven Cyber Security Framework? Perform a “Due Diligence” on-boarding step for the Nth vendors (how many vendors handles your specific data) in your cyber supply chain? Follow security agreements and service level agreements catered to information security? Ensure data privacy is an important element of their InfoSec Program? It is more important than ever for businesses that handle proprietary information, personal identifiable information and protected health information to understand the threats and risk management practices to ensure “Critical Information” is secure. These questions and more will be covered in this webinar

A secure data outsourcing scheme based on Asmuth – Bloom secret sharing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users’ queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients’ data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth–Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing

Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture

During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that today�s IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a user space application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency.Approved for public release; distribution is unlimited

Persona Concept for Privacy and Authentication

This paper describes ongoing research and development aimed at creating a trustworthy software-based model called the Persona Concept.  The “Persona Architecture” uses “web services” to implement this model and is designed to provide the consumer direct control over their identity, credentials and private data.  Credentials are expressed as third-party assertions encapsulated in certificates using Secure Assertion Markup Language (SAML) and are digitally signed. The architecture also supports distributed management of electronic credentials and aims at operating across various fixed and mobile platforms including cell phones and wireless Portable Digital Assistants(PDA’s)

Emerging Security Threats in Modern Digital Computing Systems: A Power Management Perspective

Design of computing systems — from pocket-sized smart phones to massive cloud based data-centers — have one common daunting challenge : minimizing the power consumption. In this effort, power management sector is undergoing a rapid and profound transformation to promote clean and energy proportional computing. At the hardware end of system design, there is proliferation of specialized, feature rich and complex power management hardware components. Similarly, in the software design layer complex power management suites are growing rapidly. Concurrent to this development, there has been an upsurge in the integration of third-party components to counter the pressures of shorter time-to-market. These trends collectively raise serious concerns about trust and security of power management solutions. In recent times, problems such as overheating, performance degradation and poor battery life, have dogged the mobile devices market, including the infamous recall of Samsung Note 7. Power outage in the data-center of a major airline left innumerable passengers stranded, with thousands of canceled flights costing over 100 million dollars. This research examines whether such events of unintentional reliability failure, can be replicated using targeted attacks by exploiting the security loopholes in the complex power management infrastructure of a computing system. At its core, this research answers an imminent research question: How can system designers ensure secure and reliable operation of third-party power management units? Specifically, this work investigates possible attack vectors, and novel non-invasive detection and defense mechanisms to safeguard system against malicious power attacks. By a joint exploration of the threat model and techniques to seamlessly detect and protect against power attacks, this project can have a lasting impact, by enabling the design of secure and cost-effective next generation hardware platforms

A Survey on Securing Images in Cloud Using Third Party Authentication

With the advancement of digital media and storage technology, large-scale image datasets are being exponentially generated today, image dataset categories such as medical images, satellite images each dataset contains thousands of images for further processing or study. Along with such fast-growing trend to image storage management systems to cloud it still faces a number of fundamental and critical challenges, among which storage space and security is the top concern. To ensure the correctness of user and user’s data in the cloud, we propose third party authentication system. In addition to simplified image storage and secure image acquisition, one can also apply compressed encryption for the purpose of storage overhead reduction. Finally we will perform security and performance analysis which shows that the proposed scheme is highly efficient for maintaining storage space and secure data acquisition

A Comparison of the Query Execution Algorithms in Secure Database System

In accordance with the database management, DAS(Database as Service) model is one solution for outsourcing. However, we need some data protection mechanisms in order to maintain the database security The most effective algorithm to secure databases from the security threat of third party attackers is to encrypt the sensitive data within the database. However, once we encrypt the sensitive data, we have difficulties in queries execution on the encrypted database. In this paper, we focus on the search process on the encrypted database. We proposed the selective tuple encryption method using Bloom Filter which could tell us the existence of the data. Finally, we compare the search performance between the proposed method and the other encryption methods we know

MITIGATING LOAN ASSOCIATED FINANCIAL RISK USING BLOCKCHAIN BASED LENDING SYSTEM

Lending systems in real world are not much secure and reliable as the borrower and third parties involved in this aspect may create various deceitful situations. Blockchain is a secure system where the utilization of smart contract can avoid deceptive phenomena involved in lending but the decline in exchange rate of cryptocurrency can create the opportunity to pay back less than the borrowed amount in terms of fiat money. In this paper, a blockchain and smart contract-based lending framework is designed which requires the borrower to provide Ethereum Request for Comments (ERC)-20 standard tokens as collateral to mitigate the associated risks. The smart contract feature is utilized to automate the system without any third-party management. Besides, transaction stored in the blocks creates transparency among the users of the system. To tackle the aforementioned issues, ERC-20 token value is increased periodically and the instability of the exchange rate is surveilled by the system. By the end of this paper, some test cases and charts relevant to the data set are evaluated to assess the effectiveness of the system