Design a system for an approved video copyright over cloud based on biometric iris and random walk generator using watermark technique

Copyright is a tool for preventing anyone forged to copy an electronic work from another person and claim that electronic work is referred to him. Since the identity of the person is always determined by his name and biometrics, there is a concern to handle this information, to preserve the copyright. In this paper, a new idea for copyright technology is used to prove video copyright, by using blind watermarking technique, the ownership information is hidden inside video frames using linear congruential generator (LCG) for adapted the locations of vector features extracted from the name and biometric image of the owner instead of hidden the watermark in the Pseudo Noise sequences or any other feature extraction technique. When providing the watermarked vector, a statistical operation is used to increase randomization state for the amplifier factors of LCG function. LCG provides random positions where the owner's information is stored inside the video. The proposed method is not difficult to execute and can present an adaptable imperceptibility and robustness performance. The output results show the robustness of this approach based on the average PSNR of frames for the embedded in 50 frames is around 47.5 dB while the watermark remains undetectable. MSSIM values with range (0.83 to 0.99)

Smart Cameras with onboard Signcryption for Securing IoT Applications

Cameras are expected to become key sensor devices for various internet of things (IoT) applications. Since cameras often capture highly sensitive information, security is a major concern. Our approach towards data security for smart cameras is rooted on protecting the captured images by signcryption based on elliptic curve cryptography (ECC). Signcryption achieves resource-efficiency by performing data signing and encryption in a single step. By running the signcryption on the sensing unit, we can relax some security assumptions for the camera host unit which typically runs a complex software stack. We introduce our system architecture motivated by a typical case study for camera-based IoT applications, evaluate security properties and present performance results of an ARM-based implementatio

MagicPairing: Apple's Take on Securing Bluetooth Peripherals

Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing

SGXIO: Generic Trusted I/O Path for Intel SGX

Application security traditionally strongly relies upon security of the underlying operating system. However, operating systems often fall victim to software attacks, compromising security of applications as well. To overcome this dependency, Intel introduced SGX, which allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave. However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices. This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices. To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves. SGXIO surpasses traditional use cases in cloud computing and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise. It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box. Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1

QR code based authentication method for IoT applications using three security layers

A quick response code-based authentication method (QRAM) is proposed. QRAM is applicable for lots of internet of things (IoT) applications. QRAM aims to verify requests of such an access to IoT applications. Requests are made using a quick response code (QRC). To authenticate contents of QRC, users will scan QRC to access IoT applications. To authenticate contents of QRC, three procedures are applied. QRAM contributes to IoT automatic access systems or smart applications in terms of authentication and safety of access. QRAM is evaluated in term of security factors (e.g., authentication). Computation time of authentication procedures for several IoT applications has become a considerable issue. QRAM aims to reduce computation time consumed to authenticate each QRC. Some authentication techniques still face difficulties when an IoT application requires fast response to users; therefore, QRAM aims to enhance so to meet real-time applications. Thus, QRAM is compared to several competitive methods used to verify QRC in term of computation time. Results confirmed that QRAM is faster than other competitive techniques. Besides, results have shown a high level of complexity in term of decryption time needed to deduce private contents of QRC. QRAM also is robust against unauthorized requests of access

Cloud data security and various cryptographic algorithms

Cloud computing has spread widely among different organizations due to its advantages, such as cost reduction, resource pooling, broad network access, and ease of administration. It increases the abilities of physical resources by optimizing shared use. Clients’ valuable items (data and applications) are moved outside of regulatory supervision in a shared environment where many clients are grouped together. However, this process poses security concerns, such as sensitive information theft and personally identifiable data leakage. Many researchers have contributed to reducing the problem of data security in cloud computing by developing a variety of technologies to secure cloud data, including encryption. In this study, a set of encryption algorithms (advance encryption standard (AES), data encryption standard (DES), Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and international data encryption algorithm (IDEA) was compared in terms of security, data encipherment capacity, memory usage, and encipherment time to determine the optimal algorithm for securing cloud information from hackers. Results show that RSA and IDEA are less secure than AES, Blowfish, and DES). The AES algorithm encrypts a huge amount of data, takes the least encipherment time, and is faster than other algorithms, and the Blowfish algorithm requires the least amount of memory space

MLCapsule: Guarded Offline Deployment of Machine Learning as a Service

With the widespread use of machine learning (ML) techniques, ML as a service has become increasingly popular. In this setting, an ML model resides on a server and users can query it with their data via an API. However, if the user's input is sensitive, sending it to the server is undesirable and sometimes even legally not possible. Equally, the service provider does not want to share the model by sending it to the client for protecting its intellectual property and pay-per-query business model. In this paper, we propose MLCapsule, a guarded offline deployment of machine learning as a service. MLCapsule executes the model locally on the user's side and therefore the data never leaves the client. Meanwhile, MLCapsule offers the service provider the same level of control and security of its model as the commonly used server-side execution. In addition, MLCapsule is applicable to offline applications that require local execution. Beyond protecting against direct model access, we couple the secure offline deployment with defenses against advanced attacks on machine learning models such as model stealing, reverse engineering, and membership inference