A novel image authenticationand rightful ownership detection framework based on DWT watermarking in cloud environment

Cloud computing has been highlighted by many organizations because of its benefits to use it anywhere. Efficiency, Easy access information, quick deployment, and a huge reduce of cost of using it, are some of the cloud advantages. While cost reduction is one of the great benefits of cloud, privacy protection of the users‘ data is also a significant issue of the cloud that cloud providers have to consider about. This is a vital component of the cloud‘s critical infrastructure. Cloud users use this environment to enable numerous online transactions crossways a widespread range of sectors and to exchange information. Especially, misuse of the users‘ data and private information are some of the important problems of using cloud environment. Cloud untrustworthy environment is a good area for hackers to steal user‘s stored data by Phishing and Pharming techniques. Therefore, cloud vendors should utilize easy- to-use, secure, and efficient environment. Besides they should prepare a way to access cloud services that promote data privacy and ownership protection. The more data privacy and ownership protection in cloud environment, the more users will attract to use this environment to put their important private data. In this study, a rightful ownership detection framework has been proposed to mitigate the ownership protection in cloud environment. Best methods for data privacy protection such as image authentication methods, watermarking methods and cryptographic methods, for mitigating the ownership protection problem to use in cloud environment, have been explored. Finally, efficiency and reliability of the proposed framework have been evaluated and analyzed

Prov-Trust : towards a trustworthy SGX-based data provenance system

Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins. Secure data provenance is vital to ensure accountability, forensics investigation of security attacks and privacy preservation. In this paper, we propose Prov-Trust, a decentralized and auditable SGX-based data provenance system relying on highly distributed ledgers. This consensually shared and synchronized database allows anchored data to have public witness, providing tamper-proof provenance data, enabling the transparency of data accountability, and enhancing the secrecy and availability of the provenance data. Prov-Trust relies on Intel SGX enclave to ensure a trusted execution of the provenance kernel to collect, store and query provenance records. The use of SGX enclave protects data provenance and users’ credentials against malicious hosting and processing parties. Prov-Trust does not rely on a trusted third party to store provenance data while performing their verification using smart contracts and voting process. The storage of the provenance data in Prov-Trust is done using either the log events of Smart Contracts or blockchain’s transactions depending on the provenance change event, which enables low storage costs. Finally, Prov-Trust ensures an accurate privacy-preserving auditing process based on blockchain traces and achieved thanks to events’ logs that are signed by SGX enclaves, transactions being registered after each vote session, and sealing the linking information using encryption schemes

Security Services Using Blockchains: A State of the Art Survey

This article surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list (ACL), data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area

Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments

The enforcement of sensitive policies in untrusted environments is still an open challenge for policy-based systems. On the one hand, taking any appropriate security decision requires access to these policies. On the other hand, if such access is allowed in an untrusted environment then confidential information might be leaked by the policies. The key challenge is how to enforce sensitive policies and protect content in untrusted environments. In the context of untrusted environments, we mainly distinguish between outsourced and distributed environments. The most attractive paradigms concerning outsourced and distributed environments are cloud computing and opportunistic networks, respectively. In this dissertation, we present the design, technical and implementation details of our proposed policy-based access control mechanisms for untrusted environments. First of all, we provide full confidentiality of access policies in outsourced environments, where service providers do not learn private information about policies. We support expressive policies and take into account contextual information. The system entities do not share any encryption keys. For complex user management, we offer the full-fledged Role-Based Access Control (RBAC) policies. In opportunistic networks, we protect content by specifying expressive policies. In our proposed approach, brokers match subscriptions against policies associated with content without compromising privacy of subscribers. As a result, unauthorised brokers neither gain access to content nor learn policies and authorised nodes gain access only if they satisfy policies specified by publishers. Our proposed system provides scalable key management in which loosely-coupled publishers and subscribers communicate without any prior contact. Finally, we have developed a prototype of the system that runs on real smartphones and analysed its performance.Comment: Ph.D. Dissertation. http://eprints-phd.biblio.unitn.it/1124

Scalable And Secure Provenance Querying For Scientific Workflows And Its Application In Autism Study

In the era of big data, scientific workflows have become essential to automate scientific experiments and guarantee repeatability. As both data and workflow increase in their scale, requirements for having a data lineage management system commensurate with the complexity of the workflow also become necessary, calling for new scalable storage, query, and analytics infrastructure. This system that manages and preserves the derivation history and morphosis of data, known as provenance system, is essential for maintaining quality and trustworthiness of data products and ensuring reproducibility of scientific discoveries. With a flurry of research and increased adoption of scientific workflows in processing sensitive data, i.e., health and medication domain, securing information flow and instrumenting access privileges in the system have become a fundamental precursor to deploying large-scale scientific workflows. That has become more important now since today team of scientists around the world can collaborate on experiments using globally distributed sensitive data sources. Hence, it has become imperative to augment scientific workflow systems as well as the underlying provenance management systems with data security protocols. Provenance systems, void of data security protocol, are susceptible to vulnerability. In this dissertation research, we delineate how scientific workflows can improve therapeutic practices in autism spectrum disorders. The data-intensive computation inherent in these workflows and sensitive nature of the data, necessitate support for scalable, parallel and robust provenance queries and secured view of data. With that in perspective, we propose $OPQL^{Pig}$, a parallel, robust, reliable and scalable provenance query language and introduce the concept of access privilege inheritance in the provenance systems. We characterize desirable properties of role-based access control protocol in scientific workflows and demonstrate how the qualities are integrated into the workflow provenance systems as well. Finally, we describe how these concepts fit within the DATAVIEW workflow management system

Modelo de acontecimientos para la persistencia

Se definen modelos y estructuras que permiten ayudar a la mejora de los procesos en dos vertientes: (1) mejorando los sistemas de monitorización existentes para la optimización de los procesos de negocio y (2) mejorando la información que se utiliza en los métodos de asignación de tareas para la ejecución de las tareas de los procesos por los recursos más adecuados. Para lograr estos propósitos, en la tesis se realiza una evolución de la consideración clásica de las bases de datos, en la que el dato es la unidad mínima de información, para definir una estructura que almacena como unidad mínima el conocimiento asociado a un hecho ocurrido en los procesos de negocio, el acontecimiento. El concepto de acontecimiento posibilita almacenar en una misma estructura información que se necesita conocer sobre un hecho que se produzca en un sistema: qué ha ocurrido, quién lo ha realizado y cuándo se ha producido. Para ello, el acontecimiento se define como una estructura identificable e indivisible de acuerdo a tres dimensiones: guía ¿los aconteceres que ocurren-, estructura ¿los objetos de los aconteceres- y comportamiento ¿el efecto de los aconteceres, los cambios de estado o de la información asociada de los objetos-. La explotación de este conocimiento, almacenado en las bases de acontecimientos, nos permite obtener la historia de cualquier objeto del sistema, obteniendo la línea de vida de todos los acontecimientos que le han ocurrido en el transcurso del tiempo

Umsetzung des datenschutzrechtlichen Auskunftsanspruchs auf Grundlage von Usage-Control und Data-Provenance-Technologien

Die Komplexität moderner Informationssysteme erschwert die Nachvollziehbarkeit der Verarbeitung personenbezogener Daten. Der einzelne Bürger ist den Systemen quasi ausgeliefert. Das Datenschutzrecht versucht dem entgegenzuwirken. Ein Werkzeug des Datenschutzes zur Herstellung von Transparenz ist der Auskunftsanspruch. Diese Arbeit unterzieht das Recht auf Auskunft einer kritischen Würdigung und schafft umfassende technische Voraussetzungen für dessen Wahrnehmung