239 research outputs found

    Lightweight attribute-based encryption supporting access policy update for cloud assisted IoT

    Cloud-assisted IoT applications are gaining an expanding interest, such that IoT devices are deployed in different distributed environments to collect and outsource sensed data to remote servers for further processing and sharing among users. On the one hand, in several applications, collected data are extremely sensitive and need to be protected before outsourcing. Generally, encryption techniques are applied at the data producer side to protect data from adversaries as well as curious cloud provider. On the other hand, sharing data among users requires fine grained access control mechanisms. To ensure both requirements, Attribute Based Encryption (ABE) has been widely applied to ensure encrypted access control to outsourced data. Although ABE ensures fine grained access control and data confidentiality, updates of used access policies after encryption and outsourcing of data remains an open challenge. In this paper, we design PU-ABE, a new variant of key policy attribute based encryption supporting efficient access policy update that captures attributes addition and revocation to access policies. PU-ABE contributions are multifold. First, access policies involved in the encryption can be updated without requiring sharing secret keys between the cloud server and the data owners or re-encrypting data. Second, PU-ABE ensures privacy preserving and fine grained access control to outsourced data. Third, ciphertexts received by the end-user are constant sized and independent from the number of attributes used in the access policy which affords low communication and storage costs

    CUPS : Secure Opportunistic Cloud of Things Framework based on Attribute Based Encryption Scheme Supporting Access Policy Update

    The ever‐growing number of internet connected devices, coupled with the new computing trends, namely within emerging opportunistic networks, engenders several security concerns. Most of the exchanged data between the internet of things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute‐based encryption is a promising cryptographic mechanism suitable for distributed environments, providing flexible access control to encrypted data contents. However, it imposes high decryption costs, and does not support access policy update, for highly dynamic environments. This paper presents CUPS, an ABE‐based framework for opportunistic cloud of things applications, that securely outsources data decryption process to edge nodes in order to reduce the computation overhead on the user side. CUPS allows end‐users to offload most of the decryption overhead to an edge node and verify the correctness of the received partially decrypted data from the edge node. Moreover, CUPS provides the access policy update feature with neither involving a proxy‐server, nor re‐encrypting the enciphered data contents and re‐distributing the users' secret keys. The access policy update feature in CUPS does not affect the size of the message received by the end‐user, which reduces the bandwidth and the storage usage. Our comprehensive theoretical analysis proves that CUPS outperforms existing schemes in terms of functionality, communication and computation overheads

    GRAVAMINA CONSCIENTIAE. FISCALITÀ, DIRITTO E TEOLOGIA NELLA SPAGNA DEL SIGLO DE ORO. RICERCHE INTORNO ALLA SCUOLA DI SALAMANCA

    This work reconstructs the main thought of the School of Salamanca with reference to the theme of tax imposition through the analysis of main Treaties such as De iustitia et iure, Consilia, Relectiones, commentaries to San Tommaso’ Secunda Saecundae, manuals for confessors, quaestiones De iure bello, cartas and Consejos about the India’s Government. We would like to know whether and which contribution theologians–jurists belonging to the second scholasticism could offer to the Spanish Crown for the organization and management of a “modern” and efficient fiscal system. We found magistri who were sensible interpreters of their times, who paid attention to the fiscal reasons and at the same time strict guardians of the justice application, in that world, through the instrument of right- of iustum ius. We reached the American coasts where Justinian sources, as interpreted by medieval jurists and as used by our theologians, demonstrated the ability to manage a government of “things never seen”, making possible a connection between far coasts. The School of Salamanca, then, as explained by its main characters, managed to offer a good instrument of control of subjects on one hand (by affirming the moral obligation of fiscal laws); and it maintained the role of Church in taking care of things of this world, on the other hand (as long as indicating the right conditions for justice, the excommunication for the ones who break them, the use of censor as suggested in bulla in Coena Domini, the acknowledgment of the central role of theologians and confessors as interpreters of a proper fiscal obligations and experts to solve any doubt). Finally, it was able to maintain and express a deep desire for freedom that recent conquests (of men, things and earths) put away towards the old world, on a field, the fiscal one, that is central and ambivalent for the political speech, where we saw old and new conflicts coming out

    Malicious entities are in vain : preserving privacy in publish and subscribe systems

    Publish and subscribe (pub/sub) system is a decoupled communication paradigm that allows routing of publications. Through a set of dedicated third party servers, referred to as brokers, publications are disseminated without establishing any link between publishers and subscribers. However, the involvement of these brokers raises security and privacy issues as they can harvest sensitive data about subscribers. Furthermore, a malicious broker may collude with malicious subscribers and/or publishers to infer subscribers’ interests. Our solution is such that subscribers’ interests are not revealed to curious brokers and published data can only be accessed by the authorised subscribers. Moreover, the proposed protocol is secure against the collusion attacks between malicious brokers, publishers, and subscribers

    Collusion defender : preserving subscribers’ privacy in publish and subscribe systems

    The Publish and Subscribe (pub/sub) system is an established paradigm to disseminate the data from publishers to subscribers in a loosely coupled manner using a network of dedicated brokers. However, sensitive data could be exposed to malicious entities if brokers get compromised or hacked; or even worse, if brokers themselves are curious to learn about the data. A viable mechanism to protect sensitive publications and subscriptions is to encrypt the data before it is disseminated through the brokers. State-of-the-art approaches allow brokers to perform encrypted matching without revealing publications and subscriptions. However, if malicious brokers collude with malicious subscribers or publishers, they can learn the interests of innocent subscribers, even when the interests are encrypted. In this article, we present a pub/sub system that ensures confidentiality of publications and subscriptions in the presence of untrusted brokers. Furthermore, our solution resists collusion attacks between untrusted brokers and malicious subscribers (or publishers). Finally, we have implemented a prototype of our solution to show its feasibility and efficiency. Index Terms: Collusion Resistance, Secure Pub/sub, Subscribers’ Privacy, Publications’ Confidentialit

    Prov-Trust : towards a trustworthy SGX-based data provenance system

    Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins. Secure data provenance is vital to ensure accountability, forensics investigation of security attacks and privacy preservation. In this paper, we propose Prov-Trust, a decentralized and auditable SGX-based data provenance system relying on highly distributed ledgers. This consensually shared and synchronized database allows anchored data to have public witness, providing tamper-proof provenance data, enabling the transparency of data accountability, and enhancing the secrecy and availability of the provenance data. Prov-Trust relies on Intel SGX enclave to ensure a trusted execution of the provenance kernel to collect, store and query provenance records. The use of SGX enclave protects data provenance and users’ credentials against malicious hosting and processing parties. Prov-Trust does not rely on a trusted third party to store provenance data while performing their verification using smart contracts and voting process. The storage of the provenance data in Prov-Trust is done using either the log events of Smart Contracts or blockchain’s transactions depending on the provenance change event, which enables low storage costs. Finally, Prov-Trust ensures an accurate privacy-preserving auditing process based on blockchain traces and achieved thanks to events’ logs that are signed by SGX enclaves, transactions being registered after each vote session, and sealing the linking information using encryption schemes

    SMART : Shared Memory based SDN Architecture to Resist DDoS Attacks

    Software-Defined Networking (SDN) is a virtualised yet promising technology that is gaining attention from both academia and industry. On the one hand, the use of a centralised SDN controller provides dynamic configuration and management in an efficient manner; but on the other hand, it raises several concerns mainly related to scalability and availability. Unfortunately, a centralised SDN controller may be a Single Point Of Failure (SPOF), thus making SDN architectures vulnerable to Distributed Denial of Service (DDoS) attacks. In this paper, we design SMART, a scalable SDN architecture that aims at reducing the risk imposed by the centralised aspects in typical SDN deployments. SMART supports a decentralised control plane where the coordination between switches and controllers is provided using Tuple Spaces. SMART ensures a dynamic mapping between SDN switches and controllers without any need to execute complex migration techniques required in typical load balancing approaches

    Hepatic encephalopathy increases the risk for mortality and hospital readmission in decompensated cirrhotic patients: a prospective multicenter study

    Introduction: Hepatic encephalopathy (HE) affects the survival and quality of life of patients with cirrhosis. However, longitudinal data on the clinical course after hospitalization for HE are lacking. The aim was to estimate mortality and risk for hospital readmission of cirrhotic patients hospitalized for HE. Methods: We prospectively enrolled 112 consecutive cirrhotic patients hospitalized for HE (HE group) at 25 Italian referral centers. A cohort of 256 patients hospitalized for decompensated cirrhosis without HE served as controls (no HE group). After hospitalization for HE, patients were followed-up for 12 months until death or liver transplant (LT). Results: During follow-up, 34 patients (30.4%) died and 15 patients (13.4%) underwent LT in the HE group, while 60 patients (23.4%) died and 50 patients (19.5%) underwent LT in the no HE group. In the whole cohort, age (HR 1.03, 95% CI 1.01–1.06), HE (HR 1.67, 95% CI 1.08–2.56), ascites (HR 2.56, 95% CI 1.55–4.23), and sodium levels (HR 0.94, 95% CI 0.90–0.99) were significant risk factors for mortality. In the HE group, ascites (HR 5.07, 95% CI 1.39–18.49) and BMI (HR 0.86, 95% CI 0.75–0.98) were risk factors for mortality, and HE recurrence was the first cause of hospital readmission. Conclusion: In patients hospitalized for decompensated cirrhosis, HE is an independent risk factor for mortality and the most common cause of hospital readmission compared with other decompensation events. Patients hospitalized for HE should be evaluated as candidates for LT