239 research outputs found
Lightweight attribute-based encryption supporting access policy update for cloud assisted IoT
Cloud-assisted IoT applications are gaining an expanding interest, such that IoT devices are deployed in different distributed environments to collect and outsource sensed data to remote servers for further processing and sharing among users. On the one hand, in several applications, collected data are extremely sensitive and need to be protected before outsourcing. Generally, encryption techniques are applied at the data producer side to protect data from adversaries as well as curious cloud provider. On the other hand, sharing data among users requires fine grained access control mechanisms. To ensure both requirements, Attribute Based Encryption (ABE) has been widely applied to ensure encrypted access control to outsourced data. Although, ABE ensures fine grained access control and data confidentiality, updates of used access policies after encryption and outsourcing of data remains an open challenge. In this paper, we design PU-ABE, a new variant of key policy attribute based encryption supporting efficient access policy update that captures attributes addition and revocation to access policies. PU-ABE contributions are multifold. First, access policies involved in the encryption can be updated without requiring sharing secret keys between the cloud server and the data owners neither re-encrypting data. Second, PU-ABE ensures privacy preserving and fine grained access control to outsourced data. Third, ciphertexts received by the end-user are constant sized and independent from the number of attributes used in the access policy which affords low communication and storage costs
CUPS : Secure Opportunistic Cloud of Things Framework based on Attribute Based Encryption Scheme Supporting Access Policy Update
The ever-growing number of internet connected devices, coupled with the new computing trends, namely within emerging opportunistic networks, engenders several security concerns. Most of the exchanged data between the internet of things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute-based encryption is a promising cryptographic mechanism suitable for distributed environments, providing flexible access control to encrypted data contents. However, it imposes high decryption costs, and does not support access policy update, for highly dynamic environments. This paper presents CUPS, an ABE-based framework for opportunistic cloud of things applications, that securely outsources data decryption process to edge nodes in order to reduce the computation overhead on the user side. CUPS allows end-users to offload most of the decryption overhead to an edge node and verify the correctness of the received partially decrypted data from the edge node. Moreover, CUPS provides the access policy update feature with neither involving a proxy-server, nor re-encrypting the enciphered data contents and re-distributing the users' secret keys. The access policy update feature in CUPS does not affect the size of the message received by the end-user, which reduces the bandwidth and the storage usage. Our comprehensive theoretical analysis proves that CUPS outperforms existing schemes in terms of functionality, communication and computation overheads
GRAVAMINA CONSCIENTIAE. FISCALITÀ, DIRITTO E TEOLOGIA NELLA SPAGNA DEL SIGLO DE ORO. RICERCHE INTORNO ALLA SCUOLA DI SALAMANCA
This work reconstructs the main thought of the School of Salamanca with reference to the theme of tax imposition through the analysis of main Treaties such as De iustitia et iure, Consilia, Relectiones, commentaries to San Tommaso’ Secunda Saecundae, manuals for confessors, quaestiones De iure bello, cartas and Consejos about the India’s Government.
We would like to know whether and which contribution theologians–jurists belonging to the second scholasticism could offer to the Spanish Crown for the organization and management of a “modern” and efficient fiscal system.
We found magistri who were sensible interpreters of their times, who paid attention to the fiscal reasons and at the same time strict guardian of the justice application, in that world, through the instrument of right- of iustum ius.
We reached the American coasts where Justinian sources, as interpreted by medieval jurists and as used by our theologians, demonstrated the ability to manage a government of “things never seen”, making possible a connection between far coasts.
The School of Salamanca, then, as explained by its main characters, managed to offer a good instrument of control of subjects on one hand (by affirming the moral obligation of fiscal laws); and it maintained the role of Church in taking care of things of this world, on the other hand (as long as indicating the right conditions for justice, the excommunication for the ones who break them, the use of censor as suggested in bulla in Coena Domini , the acknowledgment of the central role of theologians and confessors as interpreters of a proper fiscal obligations and experts to solve any doubt).
Finally, it was able to maintain and express a deep desire for freedom that recent conquests (of men, things and earths) put away towards the old world, on a field, the fiscal one, that is central and ambivalent for the political speech, where we saw old and new conflicts coming out
Malicious entities are in vain : preserving privacy in publish and subscribe systems
Publish and subscribe (pub/sub) system is a decoupled communication paradigm that allows routing of publications. Through a set of dedicated third party servers, referred to as brokers, publications are disseminated without establishing any link between publishers and subscribers. However, the involvement of these brokers raises security and privacy issues as they can harvest sensitive data about subscribers. Furthermore, a malicious broker may collude with malicious subscribers and/or publishers to infer subscribers' interests. Our solution is such that subscribers' interests are not revealed to curious brokers and published data can only be accessed by the authorised subscribers. Moreover, the proposed protocol is secure against the collusion attacks between malicious brokers, publishers, and subscribers
Collusion defender : preserving subscribers' privacy in publish and subscribe systems
The Publish and Subscribe (pub/sub) system is an established paradigm to disseminate the data from publishers to subscribers in a loosely coupled manner using a network of dedicated brokers. However, sensitive data could be exposed to malicious entities if brokers get compromised or hacked; or even worse, if brokers themselves are curious to learn about the data. A viable mechanism to protect sensitive publications and subscriptions is to encrypt the data before it is disseminated through the brokers. State-of-the-art approaches allow brokers to perform encrypted matching without revealing publications and subscriptions. However, if malicious brokers collude with malicious subscribers or publishers, they can learn the interests of innocent subscribers, even when the interests are encrypted. In this article, we present a pub/sub system that ensures confidentiality of publications and subscriptions in the presence of untrusted brokers. Furthermore, our solution resists collusion attacks between untrusted brokers and malicious subscribers (or publishers). Finally, we have implemented a prototype of our solution to show its feasibility and efficiency.
Index Terms: Collusion Resistance, Secure Pub/sub, Subscribers' Privacy, Publications' Confidentialit
Prov-Trust : towards a trustworthy SGX-based data provenance system
Data provenance refers to records of the inputs, entities, systems, and processes that influence data of interest, providing a historical record of the data and its origins. Secure data provenance is vital to ensure accountability, forensics investigation of security attacks and privacy preservation. In this paper, we propose Prov-Trust, a decentralized and auditable SGX-based data provenance system relying on highly distributed ledgers. This consensually shared and synchronized database allows anchored data to have public witness, providing tamper-proof provenance data, enabling the transparency of data accountability, and enhancing the secrecy and availability of the provenance data. Prov-Trust relies on Intel SGX enclave to ensure a trusted execution of the provenance kernel to collect, store and query provenance records. The use of SGX enclave protects data provenance and users' credentials against malicious hosting and processing parties. Prov-Trust does not rely on a trusted third party to store provenance data while performing their verification using smart contracts and voting process. The storage of the provenance data in Prov-Trust is done using either the log events of Smart Contracts or blockchain's transactions depending on the provenance change event, which enables low storage costs. Finally, Prov-Trust ensures an accurate privacy-preserving auditing process based on blockchain traces and achieved thanks to events' logs that are signed by SGX enclaves, transactions being registered after each vote session, and sealing the linking information using encryption schemes
SMART : Shared Memory based SDN Architecture to Resist DDoS Attacks
Software-Defined Networking (SDN) is a virtualised yet promising technology that is gaining attention from both academia and industry. On the one hand, the use of a centralised SDN controller provides dynamic configuration and management in an efficient manner; but on the other hand, it raises several concerns mainly related to scalability and availability. Unfortunately, a centralised SDN controller may be a Single Point Of Failure (SPOF), thus making SDN architectures vulnerable to Distributed Denial of Service (DDoS) attacks. In this paper, we design SMART, a scalable SDN architecture that aims at reducing the risk imposed by the centralised aspects in typical SDN deployments. SMART supports a decentralised control plane where the coordination between switches and controllers is provided using Tuple Spaces. SMART ensures a dynamic mapping between SDN switches and controllers without any need to execute complex migration techniques required in typical load balancing approaches
Hepatic encephalopathy increases the risk for mortality and hospital readmission in decompensated cirrhotic patients: a prospective multicenter study
Introduction: Hepatic encephalopathy (HE) affects the survival and quality of life of patients with cirrhosis. However, longitudinal data on the clinical course after hospitalization for HE are lacking. The aim was to estimate mortality and risk for hospital readmission of cirrhotic patients hospitalized for HE. Methods: We prospectively enrolled 112 consecutive cirrhotic patients hospitalized for HE (HE group) at 25 Italian referral centers. A cohort of 256 patients hospitalized for decompensated cirrhosis without HE served as controls (no HE group). After hospitalization for HE, patients were followed-up for 12 months until death or liver transplant (LT). Results: During follow-up, 34 patients (30.4%) died and 15 patients (13.4%) underwent LT in the HE group, while 60 patients (23.4%) died and 50 patients (19.5%) underwent LT in the no HE group. In the whole cohort, age (HR 1.03, 95% CI 1.01–1.06), HE (HR 1.67, 95% CI 1.08–2.56), ascites (HR 2.56, 95% CI 1.55–4.23), and sodium levels (HR 0.94, 95% CI 0.90–0.99) were significant risk factors for mortality. In the HE group, ascites (HR 5.07, 95% CI 1.39–18.49) and BMI (HR 0.86, 95% CI 0.75–0.98) were risk factors for mortality, and HE recurrence was the first cause of hospital readmission. Conclusion: In patients hospitalized for decompensated cirrhosis, HE is an independent risk factor for mortality and the most common cause of hospital readmission compared with other decompensation events. Patients hospitalized for HE should be evaluated as candidates for LT