Intelligent conditional collaborative private data sharing

With the advent of distributed systems, secure and privacy-preserving data sharing between different entities (individuals or organizations) becomes a challenging issue. There are several real-world scenarios in which different entities are willing to share their private data only under certain circumstances, such as sharing the system logs when there is indications of cyber attack in order to provide cyber threat intelligence. Therefore, over the past few years, several researchers proposed solutions for collaborative data sharing, mostly based on existing cryptographic algorithms. However, the existing approaches are not appropriate for conditional data sharing, i.e., sharing the data if and only if a pre-defined condition is satisfied due to the occurrence of an event. Moreover, in case the existing solutions are used in conditional data sharing scenarios, the shared secret will be revealed to all parties and re-keying process is necessary. In this work, in order to address the aforementioned challenges, we propose, a “conditional collaborative private data sharing” protocol based on Identity-Based Encryption and Threshold Secret Sharing schemes. In our proposed approach, the condition based on which the encrypted data will be revealed to the collaborating parties (or a central entity) could be of two types: (i) threshold, or (ii) pre-defined policy. Supported by thorough analytical and experimental analysis, we show the effectiveness and performance of our proposal

NEW SECURE SOLUTIONS FOR PRIVACY AND ACCESS CONTROL IN HEALTH INFORMATION EXCHANGE

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing of patients’ health information. The first solution allows secure HIE among different healthcare providers while focusing primarily on the privacy of patients’ information. It allows patients to authorize a certain type of health information to be retrieved, which helps prevent any unintentional leakage of information. The privacy solution also provides healthcare providers with the capability of mutual authentication and patient authentication. It also ensures the integrity and auditability of health information being exchanged. The security and performance study for the first protocol shows that it is efficient for the purpose of HIE and offers a high level of security for such exchanges. The second framework presents a new cloud-based protocol for access control to facilitate HIE across different HCOs, employing a trapdoor hash-based proxy signature in a novel manner to enable secure (authenticated and authorized) on-demand access to patient records. The proposed proxy signature-based scheme provides an explicit mechanism for patients to authorize the sharing of specific medical information with specific HCOs, which helps prevent any undesired or unintentional leakage of health information. The scheme also ensures that such authorizations are authentic with respect to both the HCOs and the patient. Moreover, the use of proxy signatures simplifies security auditing and the ability to obtain support for investigations by providing non-repudiation. Formal definitions, security specifications, and a detailed theoretical analysis, including correctness, security, and performance of both frameworks are provided which demonstrate the improvements upon other existing HIE systems

Coercion-resistant Proxy Voting

In general, most elections follow the principle of equality, or as it came to be known, the principle of “one man – one vote”. However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy voting. In proxy voting, each voter has the possibility to delegate her voting right to another voter, so called proxy, that she considers a trusted expert on the matter. In this paper we propose an end-to-end verifiable Internet voting scheme, which to the best of our knowledge is the first scheme to address voter coercion in the proxy voting setting

Extending Helios Towards Private Eligibility Verifiability

We show how to extend the Helios voting system to provide eligibility verifiability without revealing who voted which we call private eligibility verifiability. The main idea is that real votes are hidden in a crowd of null votes that are cast by others but are indistinguishable from those of the eligible voter. This extended Helios scheme also improves Helios towards receipt-freeness

Group Authentication Scheme for Neighbourhood Area Networks(NANs) In Smart Grids

A Neighbourhood Area Network is a functional component of the Smart Grid that interconnects the end user domain with the Energy Services Provider (ESP) domain. It forms the “edge” of the provider network, interconnecting homes instrumented with Smart Meters (SM) with the ESP. The SM is a dual interface, wireless communication device through which information is transacted across the user (a home) and ESP domains. The security risk to the ESP increases since the components within the home, interconnected to the ESP via the SM, are not managed by the ESP. Secure operation of the SM is a necessary requirement. The SM should be resilient to attacks, which might be targeted either directly or via the network in the home. This paper presents and discusses a security scheme for groups of SMs in a Neighbourhood Area Network that enable entire groups to authenticate themselves, rather than one at a time. The results show that a significant improvement in terms of resilience against node capture attacks, replay attacks, confidentiality, authentication for groups of SMs in a NAN that enable entire groups to authenticate themselves, rather than one at a time