56 research outputs found

    A cryptographic cloud-based approach for the mitigation of the airline cargo cancellation problem

    In order to keep in good long-term relationships with their main customers, Airline Cargo companies do not impose any fee for last minute cancellations of shipments. As a result, customers can book the same shipment on several cargo companies. Cargo companies try to balance cancellations by a corresponding volume of overbooking. However, the considerable uncertainty in the number of cancellations does not allow to fine-tune the optimal overbooking level, causing losses. In this work, we show how the deployment of cryptographic techniques, enabling the computation on private information of customers and companies data can improve the overall service chain, allowing for striking and enforcing better agreements. We propose a query system based on proxy re-encryption and show how the relevant information can be extracted, still preserving the privacy of customers’ data. Furthermore, we provide a Game Theoretic model of the use case scenario and show that it allows a more accurate estimate of the cancellation rates. This supports the reduction of the uncertainty and allows to better tune the overbooking level

    Design and Analysis of a True Random Number Generator Based on GSR Signals for Body Sensor Networks

    This article belongs to the Section Internet of Things. Today, medical equipment or general-purpose devices such as smart-watches or smart-textiles can acquire a person's vital signs. Regardless of the type of device and its purpose, they are all equipped with one or more sensors and often have wireless connectivity. Due to the transmission of sensitive data through the insecure radio channel and the need to ensure exclusive access to authorised entities, security mechanisms and cryptographic primitives must be incorporated onboard these devices. Random number generators are one such necessary cryptographic primitive. Motivated by this, we propose a True Random Number Generator (TRNG) that makes use of the GSR signal measured by a sensor on the body. After an exhaustive analysis of both the entropy source and the randomness of the output, we can conclude that the output generated by the proposed TRNG behaves as that produced by a random variable. Besides, and in comparison with the previous proposals, the performance offered is much higher than that of the earlier works. This work was supported by the Spanish Ministry of Economy and Competitiveness under the contract ESP-2015-68245-C4-1-P, by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV), and by the Comunidad de Madrid (Spain) under the project CYNAMON (P2018/TCS-4566), co-financed by European Structural Funds (ESF and FEDER). This research was also supported by the Interdisciplinary Research Funds (HTC, United Arab Emirates) under the grant No. 103104

    Privacy Preserving Shortest Path Queries on Directed Graph

    Trust relation in this work refers to permission that is given to a user at source-host to access another user at target-host through an authentication key with a unique fingerprint. We form a directed graph out of these trust relations, such that user-host pairs are considered as nodes and fingerprints as arrows. We present a novel protocol to query the shortest path from node A to node B, in a privacy preserving manner. We would like to use a cloud to perform such queries, but we do not allow the cloud to learn any information about the graph, nor the query. Also the database owner is prevented from learning any information about the query, except that it happened

    Secure Sensor Prototype Using Hardware Security Modules and Trusted Execution Environments in a Blockchain Application: Wine Logistic Use Case

    The security of Industrial Internet of Things (IIoT) systems is a challenge that needs to be addressed immediately, as the increasing use of new communication paradigms and the abundant use of sensors opens up new opportunities to compromise these types of systems. In this sense, technologies such as Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs) become crucial for adding new layers of security to IIoT systems, especially to edge nodes that incorporate sensors and perform continuous measurements. These technologies, coupled with new communication paradigms such as Blockchain, offer a high reliability, robustness and good interoperability between them. This paper proposes the design of a secure sensor incorporating the above mentioned technologies (HSMs and a TEE) in a hardware device based on a dual-core architecture. Through this combination of technologies, one of the cores collects the data extracted by the sensors and implements the security mechanisms to guarantee the integrity of these data, while the remaining core is responsible for sending these data through the appropriate communication protocol. This proposed approach fits into the Blockchain networks, which act as an Oracle. Finally, to illustrate the application of this concept, a use case applied to wine logistics is described, where this secure sensor is integrated into a Blockchain that collects data from the storage and transport of barrels, and a performance evaluation of the implemented prototype is provided. European Union’s Horizon Europe research and innovation program through the funding project “Cognitive edge-cloud with serverless computing” (EDGELESS) under grant agreement number 101092950. FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR2

    Agents in a privacy-preserving world

    Privacy is a fluid concept. It is both difficult to define and difficult to achieve. The large amounts of data currently available at hands of companies and administrations increase individual concerns on what is yet to be known about us. For the sake of personalisation and customisation, we often need to give up and supply information that we consider sensitive and private. Other sensitive information is inferred from information that seems harmless. Even when we explicitly require privacy and anonymity, profiling and device fingerprinting may disclose information about us leading to reidentification. Mobile devices and the internet of things make keeping our lives private still more difficult. Agent technologies can play a fundamental role to provide privacy-aware solutions. Agents are inherently suitable in the heterogeneous environment in which our devices work, and we can delegate to them the task of protecting our privacy. Agents should be able to reason about our privacy requirements, and may collaborate (or not) with other agents to help us to achieve our privacy goals. We are presented in the connected world with multiple interests, profiles, and also through multiple agentified devices. We envision our agentified devices to collaborate among themselves and with other devices so that our privacy preferences are satisfied. We believe that this is an overlooked field. Our work intends to start shedding some light on the topic by outlining the requirements and challenges where agent technologies can provide a decisive role

    DCSS protocol for data caching and sharing security in a 5G network

    Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted