64 research outputs found

    New Insights on cryptographic hierarchical access control: models, schemes and analysis

    2014 - 2015
    Nowadays the current network-centric world has given rise to several security concerns regarding the access control management, which ensures that only authorized users are given access to certain resources or tasks. In particular, according to their respective roles and responsibilities, users are typically organized into hierarchies composed of several disjoint classes (security classes). A hierarchy is characterized by the fact that some users may have more access rights than others, according to a top-down inclusion paradigm following specific hierarchical dependencies. A user with access rights for a given class is granted access to objects stored in that class, as well as to all the descendant ones in the hierarchy. The problem of key management for such hierarchies consists in assigning a key to each class of the hierarchy, so that the keys for descendant classes can be efficiently obtained from users belonging to classes at a higher level in the hierarchy. In this thesis we analyze the security of hierarchical key assignment schemes according to different notions: security with respect to key indistinguishability and against key recovery [4], as well as the two recently proposed notions of security with respect to strong key indistinguishability and against strong key recovery [42]. More precisely, we first explore the relations between all security notions and, in particular, we prove that security with respect to strong key indistinguishability is not stronger than the one with respect to key indistinguishability. Afterwards, we propose a general construction yielding a hierarchical key assignment scheme that ensures security against strong key recovery, given any hierarchical key assignment scheme which guarantees security against key recovery. Moreover, we define the concept of hierarchical key assignment schemes supporting dynamic updates, formalizing the relative security model. In particular, we provide the notions of security with respect to key indistinguishability and key recovery, by taking into account the dynamic changes to the hierarchy. Furthermore, we show how to construct a hierarchical key assignment scheme supporting dynamic updates, by using as a building block a symmetric encryption scheme. The proposed construction is provably secure with respect to key indistinguishability, provides efficient key derivation and updating procedures, while requiring each user to store only a single private key. Finally, we propose a novel model that generalizes the conventional hierarchical access control paradigm, by extending it to certain additional sets of qualified users. Afterwards, we propose two constructions for hierarchical key assignment schemes in this new model, which are provably secure with respect to key indistinguishability. In particular, the former construction relies on both symmetric encryption and perfect secret sharing, whereas, the latter is based on public-key threshold broadcast encryption. [edited by author] XIV n.s

    From Infection to Immunity: Understanding the Response to SARS-CoV2 Through In-Silico Modeling.

    BACKGROUND: Immune system conditions of the patient is a key factor in COVID-19 infection survival. A growing number of studies have focused on immunological determinants to develop better biomarkers for therapies. AIM: Studies of the insurgence of immunity is at the core of both SARS-CoV-2 vaccine development and therapies. This paper attempts to describe the insurgence (and the span) of immunity in COVID-19 at the population level by developing an in-silico model. We simulate the immune response to SARS-CoV-2 and analyze the impact of infecting viral load, affinity to the ACE2 receptor, and age in an artificially infected population on the course of the disease. METHODS: We use a stochastic agent-based immune simulation platform to construct a virtual cohort of infected individuals with age-dependent varying degrees of immune competence. We use a parameter set to reproduce known inter-patient variability and general epidemiological statistics. RESULTS: By assuming the viremia at day 30 of the infection to be the proxy for lethality, we reproduce in-silico several clinical observations and identify critical factors in the statistical evolution of the infection. In particular, we evidence the importance of the humoral response over the cytotoxic response and find that the antibody titers measured after day 25 from the infection are a prognostic factor for determining the clinical outcome of the infection. Our modeling framework uses COVID-19 infection to demonstrate the actionable effectiveness of modeling the immune response at individual and population levels. The model developed can explain and interpret observed patterns of infection and makes verifiable temporal predictions. Within the limitations imposed by the simulated environment, this work proposes quantitatively that the great variability observed in the patient outcomes in real life can be the mere result of subtle variability in the infecting viral load and immune competence in the population. 
In this work, we exemplify how computational modeling of immune response provides an important view to discuss hypothesis and design new experiments, in particular paving the way to further investigations about the duration of vaccine-elicited immunity especially in the view of the blundering effect of immunosenescence

    Key Indistinguishability vs. Strong Key Indistinguishability for Hierarchical Key Assignment Schemes

    A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. In this paper we analyze the security of hierarchical key assignment schemes according to different notions: security with respect to key indistinguishability and against key recovery, as well as the two recently proposed notions of security with respect to strong key indistinguishability and against strong key recovery. We first explore the relations between all security notions and, in particular, we prove that security with respect to strong key indistinguishability is not stronger than the one with respect to key indistinguishability. Afterwards, we propose a general construction yielding a hierarchical key assignment scheme offering security against strong key recovery, given any hierarchical key assignment scheme which guarantees security against key recovery

    Fabric-GC: A Blockchain-based Gantt Chart System for Cross-organizational Project Management

    Large-scale production is always associated with more and more development and interaction among peers, and many fields achieve higher economic benefits through project cooperation. However, project managers in the traditional centralized approach cannot rearrange their activities to cross-organizational project management. Thanks to its characteristics, the Blockchain can represent a valid solution to the problems mentioned above. In this article, we propose Fabric-GC, a Blockchain-based Gantt chart system. Fabric-GC enables to realize secure and effective cross-organizational cooperation for project management, providing access control to multiple parties for project visualization. Compared with other solutions, the proposed system is versatile, as it can be applied to project management in different fields and achieve effective and agile scheduling. Experimental results show that Fabric-GC achieves stable performance in large-scale request and processing distributed environments, where the data synchronization speed of the consortium chain reached four times faster than a public chain, achieving faster data consistency

    A one-mutation mathematical model can explain the age incidence of acute myeloid leukemia with mutated nucleophosmin (NPM1).

    Acute myeloid leukemia with mutated NPM1 gene and aberrant cytoplasmic expression of nucleophosmin (NPMc(+) acute myeloid leukemia) shows distinctive biological and clinical features. Experimental evidence of the oncogenic potential of the nucleophosmin mutant is, however, still lacking, and it is unclear whether other genetic lesion(s), e.g. FLT3 internal tandem duplication, cooperate with NPM1 mutations in acute myeloid leukemia development. An analysis of age-specific incidence, together with mathematical modeling of acute myeloid leukemia epidemiology, can help to uncover the number of genetic events needed to cause leukemia. We collected data on age at diagnosis of acute myeloid leukemia patients from five European Centers in Germany, The Netherlands and Italy, and determined the age-specific incidence of AML with mutated NPM1 (a total of 1,444 cases) for each country. Linear regression of the curves representing age-specific rates of diagnosis per year showed similar slopes of about 4 on a double logarithmic scale. We then adapted a previously designed mathematical model of hematopoietic tumorigenesis to analyze the age incidence of acute myeloid leukemia with mutated NPM1 and found that a one-mutation model can explain the incidence curve of this leukemia entity. This model fits with the hypothesis that NPMc(+) acute myeloid leukemia arises from an NPM1 mutation with haploinsufficiency of the wild-type NPM1 allele

    DNS tunnels detection via DNS-images

    DNS tunneling is a typical attack adopted by cyber-criminals to compromise victims' devices, steal sensitive data, or perform fraudulent actions against third parties without their knowledge. The fraudulent traffic is encapsulated into DNS queries to evade intrusion detection. Unfortunately, traditional defense systems based on Deep Packet Inspection cannot always detect such traffic. As a result, DNS tunneling is one problem that has worried the cybersecurity community over the past decade. In this paper, we propose a robust and reliable Deep Learning-based DNS tunneling detection approach to mine valuable insight from DNS query payloads. More precisely, several features are first extracted by the DNS flow, and then they are arranged as bi-dimensional images. A Convolutional Neural Network is used to automatically and adaptively learn spatial hierarchies of features to be used in a fully connected neural network for traffic classification. The proposed approach may result in an extremely interesting task in predictive security approaches to attack detection. The effectiveness of the proposal is evaluated in several experiments using a real-world traffic dataset. The obtained results show that our approach achieves 99.99% of accuracy and performs better than state-of-the-art solution

    A Cluster-based Multidimensional Approach for Detecting Attacks on Connected Vehicles

    Nowadays, modern vehicles are becoming even more connected, intelligent, and smart. A modern vehicle encloses several cyber-physical systems such as actuators and sensors, which are controlled by electronic control units (ECUs). Such ECUs are connected through in-vehicle networks, and, in turn, such networks are connected to the Internet of Vehicles (IoV) to provide advanced and smart features. However, the increase in vehicle connectivity and computerization, although it brings clear advantages, it introduces serious safety problems that can also endanger the life of the driver and passengers of the vehicle, as well as that of pedestrians. Such problems are mainly caused by the security weaknesses affecting the Controller Area Network (CAN) bus, used to exchange data between ECUs. In this paper, we provide two algorithms that implement a data-driven anomaly detection system. The first algorithm (Cluster-based Learning Algorithm), is used to learn the behavior of messages passing on the CAN bus, for baselining purposes, while the second one (Data-driven Anomaly Detection Algorithm) is used to perform real-time classification of such messages (licit or illicit) for early alerting in the presence of malicious usages. The experimental results, obtained by using data coming from a real vehicle, have shown that our approach is capable of performing better than other anomaly-detection based approaches

    Text Compression and Encryption through Smart Devices for Mobile Communication

    Today's life of e-citizens relies more and more on the "always-on" paradigm. This transformed our lives in a way that it is difficult, and sometimes impossible, to deal with day-by-day activities without being "connected". The technology that enables an individual to take advantage, in the best way, of the Ubiquitous Computing paradigm is the Mobile Computing Communication that is fostered by the wide adoption of smart devices such as mobile phones, smartphones, tablets and so on. In this work we investigate the possibility of reliably sending a small file via Short Message Service (SMS) by using data compression for a more effective mobile data exchange in which basic GSM is the only available data communication option. We present an application for portable devices, called Smart Text Compression and Encryption for Short Message Service (STCESMS), based on Google Android OS that can compress and/or encrypt a file or generic message and send it via SMS, according to different strategies properly influenced by the containment of delivery cost or energy consumption objectives. STCESMS also provides encryption services, implemented by using the Data Encryption Standard, after the compression process