132 research outputs found
Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments
The enforcement of sensitive policies in untrusted environments is still an
open challenge for policy-based systems. On the one hand, taking any
appropriate security decision requires access to these policies. On the other
hand, if such access is allowed in an untrusted environment then confidential
information might be leaked by the policies. The key challenge is how to
enforce sensitive policies and protect content in untrusted environments. In
the context of untrusted environments, we mainly distinguish between outsourced
and distributed environments. The most attractive paradigms concerning
outsourced and distributed environments are cloud computing and opportunistic
networks, respectively.
In this dissertation, we present the design, technical and implementation
details of our proposed policy-based access control mechanisms for untrusted
environments. First of all, we provide full confidentiality of access policies
in outsourced environments, where service providers do not learn private
information about policies. We support expressive policies and take into
account contextual information. The system entities do not share any encryption
keys. For complex user management, we offer the full-fledged Role-Based Access
Control (RBAC) policies.
In opportunistic networks, we protect content by specifying expressive
policies. In our proposed approach, brokers match subscriptions against
policies associated with content without compromising privacy of subscribers.
As a result, unauthorised brokers neither gain access to content nor learn
policies and authorised nodes gain access only if they satisfy policies
specified by publishers. Our proposed system provides scalable key management
in which loosely-coupled publishers and subscribers communicate without any
prior contact. Finally, we have developed a prototype of the system that runs
on real smartphones and analysed its performance.
Comment: Ph.D. Dissertation. http://eprints-phd.biblio.unitn.it/1124
ESPOON: Enforcing Security Policies In Outsourced Environments
Data outsourcing is a growing business model offering services to individuals
and enterprises for processing and storing a huge amount of data. It is not
only economical but also promises higher availability, scalability, and more
effective quality of service than in-house solutions. Despite all its benefits,
data outsourcing raises serious security concerns for preserving data
confidentiality. There are solutions for preserving confidentiality of data
while supporting search on the data stored in outsourced environments. However,
such solutions do not support access policies to regulate access to a
particular subset of the stored data.
For complex user management, large enterprises employ Role-Based Access
Control (RBAC) models for making access decisions based on the role in which a
user is active. However, RBAC models cannot be deployed in outsourced
environments as they rely on trusted infrastructure in order to regulate access
to the data. The deployment of RBAC models may reveal private information about
sensitive data they aim to protect. In this paper, we aim at filling this gap
by proposing \textbf{} for enforcing RBAC policies in
outsourced environments. enforces RBAC policies in an
encrypted manner where a curious service provider may learn only very limited
information about RBAC policies. We have implemented
and provided its performance evaluation showing a limited overhead, thus
confirming viability of our approach.
Comment: The final version of this paper has been accepted for publication in
Elsevier Computers & Security 2013. arXiv admin note: text overlap with
arXiv:1306.482
ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments
The enforcement of security policies in outsourced environments is still an
open challenge for policy-based systems. On the one hand, taking the
appropriate security decision requires access to the policies. However, if such
access is allowed in an untrusted environment then confidential information
might be leaked by the policies. Current solutions are based on cryptographic
operations that embed security policies with the security mechanism. Therefore,
the enforcement of such policies is performed by allowing the authorised
parties to access the appropriate keys. We believe that such solutions are far
too rigid because they strictly intertwine authorisation policies with the
enforcing mechanism.
In this paper, we want to address the issue of enforcing security policies in
an untrusted environment while protecting the policy confidentiality. Our
solution ESPOON is aiming at providing a clear separation between security
policies and the enforcement mechanism. However, the enforcement mechanism
should learn as little as possible about both the policies and the requester
attributes.
Comment: The final version of this paper has been published at ARES 201
Technologies and solutions for location-based services in smart cities: past, present, and future
Location-based services (LBS) in smart cities have drastically altered the way cities operate, giving a new dimension to the life of citizens. LBS rely on the location of a device, where proximity estimation remains at its core. The applications of LBS range from social networking and marketing to vehicle-to-everything communications. In many of these applications, there is an increasing need and trend to learn the physical distance between nearby devices. This paper elaborates upon the current needs of proximity estimation in LBS and compares them against the available Localization and Proximity (LP) finding technologies (LP technologies in short). These technologies are compared for their accuracies and performance based on various parameters, including latency, energy consumption, security, complexity, and throughput. Hereafter, a classification of these technologies, based on various smart city applications, is presented. Finally, we discuss some emerging LP technologies that enable proximity estimation in LBS and present some future research areas.
A lightweight Intrusion Detection for Internet of Things-based smart buildings
The integration of Internet of Things (IoT) devices into commercial or industrial buildings to create smart environments, such as Smart Buildings (SBs), has enabled real-time data collection and processing to effectively manage building operations. Due to poor security design and implementation in IoT devices, SB networks face an array of security challenges and threats (e.g., botnet malware) that leverage IoT devices to conduct Distributed Denial of Service (DDoS) attacks on the Internet infrastructure. Machine Learning (ML)-based traffic classification systems aim to automatically detect such attacks by effectively differentiating attacks from benign traffic patterns in IoT networks. However, there is an inherent accuracy-efficiency tradeoff in network traffic classification tasks. To balance this tradeoff, we develop an accurate yet lightweight device-specific traffic classification model. This model classifies SB traffic flows into four types of coarse-grained flows, based on the locations of traffic sources and the directions of traffic transmissions. Through these four types of coarse-grained flows, the model can extract simple yet effective flow rate features to conduct learning and predictions. Our experiments find the model to achieve an overall accuracy of 96%, with only 32 features to be learned by the ML model.
A Marketplace for Efficient and Secure Caching for IoT Applications in 5G Networks
As the communication industry is progressing towards
fifth generation (5G) of cellular networks, the traffic it
carries is also shifting from high data rate traffic from cellular
users to a mixture of high data rate and low data rate traffic
from Internet of Things (IoT) applications. Moreover, the need
to efficiently access Internet data is also increasing across 5G
networks. Caching contents at the network edge is considered
as a promising approach to reduce the delivery time. In this
paper, we propose a marketplace for providing a number of
caching options for a broad range of applications. In addition,
we propose a security scheme to secure the caching contents
with a simultaneous potential of reducing the duplicate contents
from the caching server by dividing a file into smaller chunks.
We model different caching scenarios in NS-3 and present the
performance evaluation of our proposal in terms of latency and
throughput gains for various chunk sizes.