64 research outputs found
IoT database forensics : an investigation on HarperDB Security
The data that are generated by several devices in the IoT realm require careful and real time processing. Recently, researchers have concentrated on the usage of cloud databases for storing such data to improve efficiency. HarperDB aims at producing a DBMS that is relational and non-relational simultaneously, to help journeymen developers creating products and servers in the IoT space. Much of what the HarperDB team has talked about has been achieved, but from a security perspective, a lot of improvements need to be made. The team has clearly focused on the problems that exist from a database and data point of view, creating a structure that is unique, fast, easy to use and has great potential to grow with a startup. The functionality and ease of use of this DBMS is not in question, however as the trade-off triangle to the right suggests, this does entail an impact to security. In this paper, using multiple forensic methodologies, we performed an in-depth forensic analysis on HarperDB and found several areas of extreme concern, such as lack of logging functionalities, basic level of authorisation, exposure of users' access rights to any party using the database. There had to be a focus on preventative advice instead of reactive workarounds due to the nature of the flaws found in HarperDB. As such, we provide a number of recommendations for the users and developers
Lightweight attribute-based encryption supporting access policy update for cloud assisted IoT
Cloud-assisted IoT applications are gaining an expanding interest, such that IoT devices are deployed in different distributed environments to collect and outsource sensed data to remote servers for further processing and sharing among users. On the one hand, in several applications, collected data are extremely sensitive and need to be protected before outsourcing. Generally, encryption techniques are applied at the data producer side to protect data from adversaries as well as curious cloud provider. On the other hand, sharing data among users requires fine grained access control mechanisms. To ensure both requirements, Attribute Based Encryption (ABE) has been widely applied to ensure encrypted access control to outsourced data. Although, ABE ensures fine grained access control and data confidentiality, updates of used access policies after encryption and outsourcing of data remains an open challenge. In this paper, we design PU-ABE, a new variant of key policy attribute based encryption supporting efficient access policy update that captures attributes addition and revocation to access policies. PU-ABE contributions are multifold. First, access policies involved in the encryption can be updated without requiring sharing secret keys between the cloud server and the data owners neither re-encrypting data. Second, PU-ABE ensures privacy preserving and fine grained access control to outsourced data. Third, ciphertexts received by the end-user are constant sized and independent from the number of attributes used in the access policy which affords low communication and storage costs
CUPS : Secure Opportunistic Cloud of Things Framework based on Attribute Based Encryption Scheme Supporting Access Policy Update
The ever-growing number of internet connected devices, coupled with the new computing trends, namely within emerging opportunistic networks, engenders several security concerns. Most of the exchanged data between the internet of things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute-based encryption is a promising cryptographic mechanism suitable for distributed environments, providing flexible access control to encrypted data contents. However, it imposes high decryption costs, and does not support access policy update, for highly dynamic environments. This paper presents CUPS, an ABE-based framework for opportunistic cloud of things applications, that securely outsources data decryption process to edge nodes in order to reduce the computation overhead on the user side. CUPS allows end-users to offload most of the decryption overhead to an edge node and verify the correctness of the received partially decrypted data from the edge node. Moreover, CUPS provides the access policy update feature with neither involving a proxy-server, nor re-encrypting the enciphered data contents and re-distributing the users' secret keys. The access policy update feature in CUPS does not affect the size of the message received by the end-user, which reduces the bandwidth and the storage usage. Our comprehensive theoretical analysis proves that CUPS outperforms existing schemes in terms of functionality, communication and computation overheads
Malicious entities are in vain : preserving privacy in publish and subscribe systems
Publish and subscribe (pub/sub) system is a decoupled communication paradigm that allows routing of publications. Through a set of dedicated third party servers, referred to as brokers, publications are disseminated without establishing any link between publishers and subscribers. However, the involvement of these brokers raises security and privacy issues as they can harvest sensitive data about subscribers. Furthermore, a malicious broker may collude with malicious subscribers and/or publishers to infer subscribers' interests. Our solution is such that subscribers' interests are not revealed to curious brokers and published data can only be accessed by the authorised subscribers. Moreover, the proposed protocol is secure against the collusion attacks between malicious brokers, publishers, and subscribers
A survey of IoT security based on a layered architecture of sensing and data analysis
The Internet of Things (IoT) is leading today's digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond
Network traffic analysis for threats detection in the Internet of Things
As the prevalence of the Internet of Things (IoT) continues to increase, cyber criminals are quick to exploit the security gaps that many devices are inherently designed with. Users cannot be expected to tackle this threat alone, and many current solutions available for network monitoring are simply not accessible or can be difficult to implement for the average user, which is a gap that needs to be addressed. This article presents an effective signature-based solution to monitor, analyze, and detect potentially malicious traffic for IoT ecosystems in the typical home network environment by utilizing passive network sniffing techniques and a cloud application to monitor anomalous activity. The proposed solution focuses on two attack and propagation vectors leveraged by the infamous Mirai botnet, namely DNS and Telnet. Experimental evaluation demonstrates the proposed solution can detect 98.35 percent of malicious DNS traffic and 99.33 percent of Telnet traffic for an overall detection accuracy of 98.84 percent
Collusion defender : preserving subscribers' privacy in publish and subscribe systems
The Publish and Subscribe (pub/sub) system is an established paradigm to disseminate the data from publishers to subscribers in a loosely coupled manner using a network of dedicated brokers. However, sensitive data could be exposed to malicious entities if brokers get compromised or hacked; or even worse, if brokers themselves are curious to learn about the data. A viable mechanism to protect sensitive publications and subscriptions is to encrypt the data before it is disseminated through the brokers. State-of-the-art approaches allow brokers to perform encrypted matching without revealing publications and subscriptions. However, if malicious brokers collude with malicious subscribers or publishers, they can learn the interests of innocent subscribers, even when the interests are encrypted. In this article, we present a pub/sub system that ensures confidentiality of publications and subscriptions in the presence of untrusted brokers. Furthermore, our solution resists collusion attacks between untrusted brokers and malicious subscribers (or publishers). Finally, we have implemented a prototype of our solution to show its feasibility and efficiency.
Index Terms: Collusion Resistance, Secure Pub/sub, Subscribers' Privacy, Publications' Confidentiality
PAbAC : a privacy preserving attribute based framework for fine grained access control in clouds
Several existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. Moreover, to keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired. In addition, access control policies as well as users' access patterns are also considered as sensitive information that should be protected from the cloud. In this paper, we propose PAbAC, a novel privacy preserving Attribute-based framework, that combines attribute-based encryption and attribute-based signature mechanisms for securely sharing outsourced data via the public cloud. Our proposal is multifold. First, it ensures fine-grained cryptographic access control enforced at the data owner's side, while providing the desired expressiveness of the access control policies. Second, PAbAC preserves users' privacy, while hiding any identifying information used to satisfy the access control. Third, PAbAC is proven to be highly scalable and efficient for sharing outsourced data in remote servers, at both the client and the cloud provider side
Immunopurification and characterization of a rape (Brassica napus L.) seedling lipase
Lipase or triacylglycerol acylhydrolase (E.C.3.1.1.3) was purified to homogeneity from rapeseed-germinated cotyledons (Brassica napus L.). The purification scheme involved homogenization, centrifugation, ultracentrifugation and affinity chromatography using polyclonal antibodies raised against porcine pancreatic lipase. The purified rapeseed lipase was homogenous and did not contain contaminating proteins detectable by SDS-PAGE and HPLC analysis. The specific activity of the purified preparation was increased about 1950 times, with an overall yield of 35%. The rapeseed lipase was found to be a cytosoluble, glycosylated and heat-labile serine-hydrolase. It was monomeric with a molecular mass of 38 kDa and a pH of 6.6. The purification method used in the present work is rapid, simple, and yields highly purified lipase. It may therefore be applicable in the purification of other uncharacterized plant lipases. Keywords: Brassica napus L., immuno-affinity, lipase, purification, triacylglycerol acyl hydrolase. African Journal of Biotechnology Vol. 12(21), pp. 3224-323
PHOABE : securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT
Attribute based encryption (ABE) is an encrypted access control mechanism that ensures efficient data sharing among dynamic group of users. Nevertheless, this encryption technique presents two main drawbacks, namely high decryption cost and publicly shared access policies, thus leading to possible users' privacy leakage.
In this paper, we introduce PHOABE, a Policy-Hidden Outsourced ABE scheme. Our construction presents several advantages. First, it is a multi-attribute authority ABE scheme. Second, the expensive computations for the ABE decryption process is partially delegated to a Semi Trusted Cloud Server. Third, users' privacy is protected thanks to a hidden access policy. Fourth, PHOABE is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model. Five, estimation of the processing overhead proves its feasibility in IoT constrained environments