59 research outputs found
Network traffic analysis for threats detection in the Internet of Things
As the prevalence of the Internet of Things (IoT) continues to increase, cyber criminals are quick to exploit the security gaps that many devices are inherently designed with. Users cannot be expected to tackle this threat alone, and many current solutions available for network monitoring are simply not accessible or can be difficult to implement for the average user, which is a gap that needs to be addressed. This article presents an effective signature-based solution to monitor, analyze, and detect potentially malicious traffic for IoT ecosystems in the typical home network environment by utilizing passive network sniffing techniques and a cloud application to monitor anomalous activity. The proposed solution focuses on two attack and propagation vectors leveraged by the infamous Mirai botnet, namely DNS and Telnet. Experimental evaluation demonstrates the proposed solution can detect 98.35 percent of malicious DNS traffic and 99.33 percent of Telnet traffic for an overall detection accuracy of 98.84 percent
PAbAC : a privacy preserving attribute based framework for fine grained access control in clouds
Several existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. Moreover, to keep sensitive user data confidential against untrusted
servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, these solutions inevitably introduce a heavy computation overhead on the data owner
for key distribution and data management when fine-grained data access control is desired. In addition, access
control policies as well as users' access patterns are also considered as sensitive information that should be
protected from the cloud. In this paper, we propose PAbAC, a novel privacy preserving Attribute-based framework, that combines attribute-based encryption and attribute-based signature mechanisms for securely sharing
outsourced data via the public cloud. Our proposal is multifold. First, it ensures fine-grained cryptographic access control enforced at the data owner's side, while providing the desired expressiveness of the access control
policies. Second, PAbAC preserves users' privacy, while hiding any identifying information used to satisfy
the access control. Third, PAbAC is proven to be highly scalable and efficient for sharing outsourced data in
remote servers, at both the client and the cloud provider side
PHOABE : securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT
Attribute based encryption (ABE) is an encrypted access control mechanism that ensures efficient data sharing among a dynamic group of users. Nevertheless, this encryption technique presents two main drawbacks, namely high decryption cost and publicly shared access policies, thus leading to possible users' privacy leakage.
In this paper, we introduce PHOABE, a Policy-Hidden Outsourced ABE scheme. Our construction presents several advantages. First, it is a multi-attribute authority ABE scheme. Second, the expensive computations for the ABE decryption process are partially delegated to a Semi Trusted Cloud Server. Third, users' privacy is protected thanks to a hidden access policy. Fourth, PHOABE is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model. Fifth, estimation of the processing overhead proves its feasibility in IoT constrained environments
Constant-size threshold attribute based SignCryption for cloud applications
In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely
sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users' privacy as the identifying information for satisfying the access
control policy is not revealed. Second, the proposed scheme guarantees both data origin authentication and
anonymity thanks to the novel use of attribute based signcryption mechanism, while ensuring the unlinkability
between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost
and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive
Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUF-CMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption
that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the
Computational Diffie Hellman Assumption (CDH) are hard
Privacy Enhancing Technologies for solving the privacy-personalization paradox : taxonomy and survey
Personal data are often collected and processed in a decentralized fashion, within
different contexts. For instance, with the emergence of distributed applications,
several providers are usually correlating their records, and providing personalized services to their clients. Collected data include geographical and indoor
positions of users, their movement patterns as well as sensor-acquired data that
may reveal users' physical conditions, habits and interests. Consequently, this
may lead to undesired consequences such as unsolicited advertisement and even
to discrimination and stalking. To mitigate privacy threats, several techniques
emerged, referred to as Privacy Enhancing Technologies, PETs for short.
On one hand, the increasing pressure on service providers to protect users' privacy resulted in PETs being adopted. On the other hand, service providers
have built their business model on personalized services, e.g. targeted ads and
news. The objective of the paper is then to identify which of the PETs have the
potential to satisfy both usually divergent - economical and ethical - purposes.
This paper identifies a taxonomy classifying eight categories of PETs into three
groups, and for better clarity, it considers three categories of personalized services. After defining and presenting the main features of PETs with illustrative
examples, the paper points out which PETs best fit each personalized service
category.
Then, it discusses some of the inter-disciplinary privacy challenges that may
slow down the adoption of these techniques, namely: technical, social, legal and
economic concerns. Finally, it provides recommendations and highlights several
research directions
PROUD : verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications
The ever-growing number of Internet connected devices poses several cybersecurity risks. Most of the exchanged data between the
Internet of Things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute Based
SignCryption (ABSC) is a powerful cryptographic mechanism suitable for distributed environments, providing flexible access
control and data secrecy. However, it imposes high designcryption costs, and does not support access policy update (user
addition/revocation). This paper presents PROUD, an ABSC solution, to securely outsource data designcryption process to edge
servers in order to reduce the computation overhead on the user side. PROUD allows end-users to offload most of the
designcryption overhead to an edge server and verify the correctness of the received partially designcrypted data from the edge
server. Moreover, PROUD provides the access policy update feature with neither involving a proxy-server, nor re-signcrypting the
signcrypted message and re-distributing the users' secret keys. The access policy update feature in PROUD does not affect the size
of the message received by the end-user which reduces the bandwidth and the storage usage. Our comprehensive theoretical and
experimental analysis prove that PROUD outperforms existing schemes in terms of functionality, communication and computation
overhead
A Service-Oriented Approach for Sensing in the Internet of Things: Intelligent Transportation Systems and Privacy Use Cases
This paper presents a Sensing-as-a-Service run-time Service Oriented Architecture (SOA), called 3SOA, for the development of Internet of Things (IoT) applications. 3SOA aims to allow interoperability among various IoT platforms and support service-oriented modelling at high levels of abstraction where fundamental SOA theories and techniques are fully integrated into a practical software engineering approach. 3SOA abstracts the dependencies of the middleware programming model from the application logic. This abstraction allows the development efforts to focus on writing the application logic independently from hardware platforms, middleware, and languages in which applications are programmed. To achieve this result, IoT objects are treated as independent entities that may interact with each other using a well-defined message exchange sequence. Each object is defined by the services it provides and the coordination protocol it supports. Objects are then able to coordinate their resources to address the global objectives of the system. To practically validate our proposals, we demonstrate an intelligent transportation system and data privacy functional prototypes as proof of concepts. The use cases show that 3SOA and the presented abstraction language allow the amalgamation of macroprogramming and node-centric programming to develop real-time and efficient applications over IoT
Security challenges of Internet of Underwater Things : a systematic literature review
Water covers approximately 71% of the earth surface, yet much of the underwater world remains unexplored due to technology limitations. Internet of Underwater
Things (IoUT) is a network of underwater objects that enables monitoring subsea environment remotely. Underwater Wireless Sensor Network (UWSN) is the
main enabling technology for IoUT. UWSNs are characterised by the limitations
of the underlying acoustic communication medium, high energy consumption, lack
of hardware resources to implement computationally intensive tasks and dynamic
network topology due to node mobility. These characteristics render UWSNs vulnerable to different attacks, such as Wormhole, Sybil, flooding, jamming, spoofing
and Denial of Service (DoS) attacks. This article reviews peer-reviewed literature
that addresses the security challenges and attacks on UWSNs as well as possible
mitigative solutions. Findings show that the biggest contributing factors to security threats in UWSNs are the limited energy supply, the limited communication
medium and the harsh underwater communication conditions. Researchers in this
field agree that the security measures of terrestrial wireless sensor networks are not
directly applicable to UWSNs due to the unique nature of the underwater environment where resource management becomes a significant challenge. This article also
outlines future research directions on security and privacy challenges of IoUT and
UWSN
Penile hair coil strangulation of the child
We report the case of a child with a delayed presentation of penile strangulation with a coil of hair that resulted in a complete transection of the urethra. Hair coil strangulation of the penis is uncommon. It is also known as penile Tourniquet syndrome. It has been reported with circumcised and uncircumcised penises and it can lead to serious complications like the amputation of the penis. Prompt diagnosis and treatment are necessary to prevent complications