172 research outputs found

    An assessment of blockchain consensus protocols for the Internet of Things

    Get PDF
    In a few short years the Internet of Things has become an intrinsic part of everyday life, with connected devices included in products created for homes, cars and even medical equipment. But its rapid growth has created several security problems, with respect to the transmission and storage of vast amounts of customers data, across an insecure heterogeneous collection of networks. The Internet of Things is therefore creating a unique set of risk and problems that will affect most households. From breaches in confidentiality, which could allow users to be snooped on, through to failures in integrity, which could lead to consumer data being compromised; devices are presenting many security challenges to which consumers are ill equipped to protect themselves from. Moreover, when this is coupled with the heterogeneous nature of the industry, and the interoperable and scalability problems it becomes apparent that the Internet of Things has created an increased attack surface from which security vulnerabilities may be easily exploited. However, it has been conjectured that blockchain may provide a solution to the Internet of Things security and scalability problems. Because of blockchain’s immutability, integrity and scalability, it is possible that its architecture could be used for the storage and transfer of Internet of Things data. Within this paper a cross section of blockchain consensus protocols have been assessed against a requirement framework, to establish each consensus protocols strengths and weaknesses with respect to their potential implementation in an Internet of Things blockchain environment

    Cloud data security and various cryptographic algorithms

    Get PDF
    Cloud computing has spread widely among different organizations due to its advantages, such as cost reduction, resource pooling, broad network access, and ease of administration. It increases the abilities of physical resources by optimizing shared use. Clients’ valuable items (data and applications) are moved outside of regulatory supervision in a shared environment where many clients are grouped together. However, this process poses security concerns, such as sensitive information theft and personally identifiable data leakage. Many researchers have contributed to reducing the problem of data security in cloud computing by developing a variety of technologies to secure cloud data, including encryption. In this study, a set of encryption algorithms (advance encryption standard (AES), data encryption standard (DES), Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and international data encryption algorithm (IDEA) was compared in terms of security, data encipherment capacity, memory usage, and encipherment time to determine the optimal algorithm for securing cloud information from hackers. Results show that RSA and IDEA are less secure than AES, Blowfish, and DES). The AES algorithm encrypts a huge amount of data, takes the least encipherment time, and is faster than other algorithms, and the Blowfish algorithm requires the least amount of memory space

    Securing the home network

    Get PDF

    The Use of Software Design Patterns to Teach Secure Software Design: An Integrated Approach

    Get PDF
    Part 2: Software Security EducationInternational audienceDuring software development, security is often dealt with as an add-on. This means that security considerations are not necessarily seen as an integral part of the overall solution and might even be left out of a design. For many security problems, the approach towards secure development has recurring elements. Software design patterns are often used to address a commonly occurring problem through a “generic” approach towards this problem. The design pattern provides a conceptual model of a best-practices solution, which in turn is used by developers to create a concrete implementation for their specific problem. Most software design patterns do not include security best-practices as part of the generic solution towards the commonly occurring problem. This paper proposes an extension to the widely used MVC pattern that includes current security principles in order to teach secure software design in an integrated fashion

    A Blind Signature Scheme using Biometric Feature Value

    Get PDF
    Blind signature has been one of the most charming research fields of public key cryptography through which authenticity, data integrity and non-repudiation can be verified. Our research is based on the blind signature schemes which are based on two hard problems – Integer factorization and discrete logarithm problems. Here biological information like finger prints, iris, retina DNA, tissue and other features whatever its kind which are unique to an individual are embedded into private key and generate cryptographic key which consists of private and public key in the public key cryptosystem. Since biological information is personal identification data, it should be positioned as a personal secret key for a system. In this schemes an attacker intends to reveal the private key knowing the public key, has to solve both the hard problems i.e. for the private key which is a part of the cryptographic key and the biological information incorporated in it. We have to generate a cryptographic key using biometric data which is called biometric cryptographic key and also using that key to put signature on a document. Then using the signature we have to verify the authenticity and integrity of the original message. The verification of the message ensures the security involved in the scheme due to use of complex mathematical equations like modular arithmetic and quadratic residue as well

    Rule-based conditional trust with OpenPGP.

    Get PDF
    This thesis describes a new trust model for OpenPGP encryption. This trust model uses conditional rule-based trust to establish key validity and trust. This thesis describes Trust Rules that may be used to sort and categorize keys automatically without user interaction. Trust Rules are also capable of integrating key revocation status into its calculations so it too is automated. This thesis presents that conditional trust established through Trust Rules can enforce stricter security while reducing the burden of use and automating the process of key validity, trust, and revocation
    corecore