Analysing the EAP-TLS handshake and the 4-way handshake of the 802.11i standard

The IEEE 802.11i standard has been designed to enhance security in wireless networks. The EAP-TLS handshake aims to provide mutual authentication between supplicant and authentication server, and then derive the Pairwise Master Key (PMK). In the 4 -way handshake the supplicant and the authenticator use PMK to derive a fresh pairwise transient key (PTK). The PMK is not used directly for security while assuming the supplicant and authenticator have the same PMK before running 4- way handshake. In this paper, the EAP-TLS handshake and the 4-way handshake phases have been analysed with a proposed framework using Isabelle tool. In the analysis, we have found a new Denial-of-Service (DoS) attack in the 4-way handshake. The attack prevents the authenticator from receiving message 4 after the supplicant sends it out. This attack forces the authenticator to re-send the message 3 until time out and subsequently to de-authenticate supplicant. This paper has proposed improvements to the 4-way handshake to avoid the Denial-of-Service attack

Analysing and attacking the 4-way handshake of IEEE 802.11i standard

The IEEE 802.11i standard has been designed to enhance security in wireless networks. In the 4-way handshake the supplicant and the authenticator use the pairwise master key (PMK) to derive a fresh pairwise transient key (PTK). The PMK is not used directly for security while assuming the supplicant and authenticator have the same PMK before running 4-way handshake. In this paper, the 4-way handshake phase has been analysed using Isabelle tool to identify a new Denial-of-Service (DoS) attack. The attack prevents the authenticator from receiving message 4 after the supplicant sends it out. This attack forces the authenticator to re-send the message 3 until time out and subsequently to de-authenticate supplicant. This paper has proposed improvements to the 4-way handshake to avoid the Denial-of-Service attack

Privacy preserving cloud computation using Domingo-Ferrer scheme

Homomorphic encryption system (HES) schemes are anticipated to play a significant role in cloud-based applications. Moving to cloud-based storage and analytic services securely are two of the most important advantages of HES. Several HES schemes have been recently proposed. However, the majority of them either have limited capabilities or are impractical in real-world applications. Various HES schemes provide the ability to perform computations for statistical analysis (e.g. average, mean and variance) on encrypted data. Domingo-Ferrer is one scheme that has privacy homomorphism properties to perform the basic mathematical operations (addition, subtraction and multiplication) in a convenient and secure way. However, it works only in the positive numbers’ range which is considered as a limitation because several applications require both positive and negative ranges in which to work, especially those that have to implement analytical services in cloud computing. In this paper, we extend Domingo-Ferrer’s scheme to be able to perform arithmetic operations for both positive and negative numbers. We also propose using a lightweight data aggregation function to compute both maximum and minimum values of the aggregated data that works for both positive and negative numbers

Privacy-preserving data analytics in cloud computing

The evolution of digital content and rapid expansion of data sources has raised the need for streamlined monitoring, collection, storage and analysis of massive, heterogeneous data to extract useful knowledge and support decision-making mechanisms. In this context, cloud computing o↵ers extensive, cost-e↵ective and on demand computing resources that improve the quality of services for users and also help service providers (enterprises, governments and individuals). Service providers can avoid the expense of acquiring and maintaining IT resources while migrating data and remotely managing processes including aggregation, monitoring and analysis in cloud servers. However, privacy and security concerns of cloud computing services, especially in storing sensitive data (e.g. personal, healthcare and financial) are major challenges to the adoption of these services. To overcome such barriers, several privacy-preserving techniques have been developed to protect outsourced data in the cloud. Cryptography is a well-known mechanism that can ensure data confidentiality in the cloud. Traditional cryptography techniques have the ability to protect the data through encryption in cloud servers and data owners can retrieve and decrypt data for their processing purposes. However, in this case, cloud users can use the cloud resources for data storage but they cannot take full advantage of cloud-based processing services. This raises the need to develop advanced cryptosystems that can protect data privacy, both while in storage and in processing in the cloud. Homomorphic Encryption (HE) has gained attention recently because it can preserve the privacy of data while it is stored and processed in the cloud servers and data owners can retrieve and decrypt their processed data to their own secure side. Therefore, HE o↵ers an end-to-end security mechanism that is a preferable feature in cloud-based applications. In this thesis, we developed innovative privacy-preserving cloud-based models based on HE cryptosystems. This allowed us to build secure and advanced analytic models in various fields. We began by designing and implementing a secure analytic cloud-based model based on a lightweight HE cryptosystem. We used a private resident cloud entity, called ”privacy manager”, as an intermediate communication server between data owners and public cloud servers. The privacy manager handles analytical tasks that cannot be accomplished by the lightweight HE cryptosystem. This model is convenient for several application domains that require real-time responses. Data owners delegate their processing tasks to the privacy manager, which then helps to automate analysis tasks without the need to interact with data owners. We then developed a comprehensive, secure analytical model based on a Fully Homomorphic Encryption (FHE), that has more computational capability than the lightweight HE. Although FHE can automate analysis tasks and avoid the use of the privacy manager entity, it also leads to massive computational overhead. To overcome this issue, we took the advantage of the massive cloud resources by designing a MapReduce model that massively parallelises HE analytical tasks. Our parallelisation approach significantly speeds up the performance of analysis computations based on FHE. We then considered distributed analytic models where the data is generated from distributed heterogeneous sources such as healthcare and industrial sensors that are attached to people or installed in a distributed-based manner. We developed a secure distributed analytic model by re-designing several analytic algorithms (centroid-based and distribution-based clustering) to adapt them into a secure distributed-based models based on FHE. Our distributed analytic model was developed not only for distributed-based applications, but also it eliminates FHE overhead obstacle by achieving high efficiency in FHE computations. Furthermore, the distributed approach is scalable across three factors: analysis accuracy, execution time and the amount of resources used. This scalability feature enables users to consider the requirements of their analysis tasks based on these factors (e.g. users may have limited resources or time constrains to accomplish their analysis tasks). Finally, we designed and implemented two privacy-preserving real-time cloud-based applications to demonstrate the capabilities of HE cryptosystems, in terms of both efficiency and computational capabilities for applications that require timely and reliable delivery of services. First, we developed a secure cloud-based billing model for a sensor-enabled smart grid infrastructure by using lightweight HE. This model handled billing analysis tasks for individual users in a secure manner without the need to interact with any trusted parties. Second, we built a real-time secure health surveillance model for smarter health communities in the cloud. We developed a secure change detection model based on an exponential smoothing technique to predict future changes in health vital signs based on FHE. Moreover, we built an innovative technique to parallelise FHE computations which significantly reduces computational overhead

Privacy preserving cloud computation using Domingo-Ferrer scheme

Homomorphic encryption system (HES) schemes are anticipated to play a significant role in cloud-based applications. Moving to cloud-based storage and analytic services securely are two of the most important advantages of HES. Several HES schemes have been recently proposed. However, the majority of them either have limited capabilities or are impractical in real-world applications. Various HES schemes provide the ability to perform computations for statistical analysis (e.g. average, mean and variance) on encrypted data. Domingo-Ferrer is one scheme that has privacy homomorphism properties to perform the basic mathematical operations (addition, subtraction and multiplication) in a convenient and secure way. However, it works only in the positive numbers' range which is considered as a limitation because several applications require both positive and negative ranges in which to work, especially those that have to implement analytical services in cloud computing. In this paper, we extend Domingo-Ferrer's scheme to be able to perform arithmetic operations for both positive and negative numbers. We also propose using a lightweight data aggregation function to compute both maximum and minimum values of the aggregated data that works for both positive and negative numbers

Real-Time Secure Health Surveillance for Smarter Health Communities

© 1979-2012 IEEE. Pervasive healthcare services with smart decision making capability and ubiquitous communication technologies can forge future smart communities. Real-Time health surveillance for early detection of life-Threatening diseases through advanced sensing and communication technology can provide better treatment, reduce medical expenses and save lives of community residents (i.e., patients). However, the assurance of data privacy is the prime concern for such smart health technologies. This research aims to describe a privacy-preserving cloud-based system for real-Time health surveillance through change detection of multiple vital health signs of smart community members. Vital signs data generated from IoT-enabled wearable devices are processed in real-Time in a cloud environment. This article focuses on the development of a predictive model for the smart community considering the sensitivity of data processing in a third-party environment (e.g., cloud computing). We developed a vital sign change detection system using Holt's linear trend method (to enable prediction of data with trends) where fully homomorphic encryption is adapted to perform computations on an encrypted domain that can ensure data privacy. Moreover, to reduce the overhead of the fully homomorphic encryption method over large medical data we introduced a parallel approach for encrypted computations using a MapReduce algorithm of Apache Hadoop. We demonstrated the proposed model by evaluating some case studies for different vital signs of patients. The accuracy and efficiency of the implementation demonstrate the effectiveness of the proposed model for building a smart community

Privacy-preserving anomaly detection in cloud with lightweight homomorphic encryption

Anomaly detection on large-scale, complex and dynamic data is an essential service that is vital to enable smart functionality in most systems. Increased reliance on cloud computing infrastructures to process such data pose critical challenges with regard to security and privacy. This paper introduces a practical framework that takes advantage of cloud resources to provide a lightweight and scalable privacy preserving anomaly detection service for sensor data. A lightweight Homomorphic Encryption scheme is used to ensure data security and privacy with any computational limitations overcome through a convenient data processing model that employs a single private server collaborating with a set of public servers within a cloud data centre. Virtual nodes implemented on public servers perform granular anomaly detection operations on encrypted data. Comprehensive experimentation demonstrates consistently high detection accuracy with less overheads in a cloud-based anomaly detection model that is both lightweight and scalable while ensuring data privacy

Privacy-preserving anomaly detection in the cloud for quality assured decision-making in smart cities

Rapid urbanisation places extensive demands on city services and infrastructure that mandate innovative and sustainable solutions which increasingly involve streamlined monitoring, collection, storage and analysis of massive, heterogeneous data. Analytics services, such as anomaly detection, work to both extract knowledge and support decision-making mechanisms that enable smart functionality over such contexts. However, data privacy and data quality remain significant challenges to assuring the quality of decision-making. This paper introduces a scalable, cloud-based model to provide a privacy preserving anomaly detection service for quality assured decision-making in smart cities. Homomorphic encryption is employed to preserve data privacy during the analysis and MapReduce based distribution of tasks and parallelisation is used to overcome computational overheads associated with homomorphic encryption. Experiments demonstrate that a high level of accuracy is maintained for anomaly detection performed on encrypted data with the adopted distributed data processing approach significantly reducing associated computational overheads