Key-Based Cookie-Less Session Management Framework for Application Layer Security

The goal of this study is to extend the guarantees provided by the secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use. Hence reducing the attack surface and nullifying a vast group of attack vectors

Privacy Preserving Inference for Deep Neural Networks:Optimizing Homomorphic Encryption for Efficient and Secure Classification

The application of machine learning in healthcare, financial, social media, and other sensitive sectors not only involves high accuracy but privacy as well. Due to the emergence of the Cloud as a computation and one-to-many access paradigm; training and classification/inference tasks have been outsourced to Cloud. However, its usage is limited due to legal and ethical constraints regarding privacy. In this work, we propose a privacy-preserving neural networks-based classification model based on Homomorphic Encryption (HE) where the user can send an encrypted instance to the cloud and receive an encrypted inference from it to preserve the user’s query privacy. In contrast to existing works, we demonstrate the realistic limitations of HE for privacy-preserving machine learning by changing its parameters for enhanced security and accuracy. We showcase scenarios where the choice of HE parameters impedes accurate classification and present an optimized setting for achieving reliable classification. We present several results to demonstrate its effectiveness using MNIST dataset with highly improved inference time for a query as compared to the state of the art

Granular Data Access Control with a Patient-Centric Policy Update for Healthcare

Healthcare is a multi-actor environment that requires independent actors to have a different view of the same data, hence leading to different access rights. Ciphertext Policy-Attribute-based Encryption (CP-ABE) provides a one-to-many access control mechanism by defining an attribute’s policy over ciphertext. Although, all users satisfying the policy are given access to the same data, this limits its usage in the provision of hierarchical access control and in situations where different users/actors need to have granular access of the data. Moreover, most of the existing CP-ABE schemes either provide static access control or in certain cases the policy update is computationally intensive involving all non-revoked users to actively participate. Aiming to tackle both the challenges, this paper proposes a patient-centric multi message CP-ABE scheme with efficient policy update. Firstly, a general overview of the system architecture implementing the proposed access control mechanism is presented. Thereafter, for enforcing access control a concrete cryptographic construction is proposed and implemented/tested over the physiological data gathered from a healthcare sensor: shimmer sensor. The experiment results reveal that the proposed construction has constant computational cost in both encryption and decryption operations and generates constant size ciphertext for both the original policy and its update parameters. Moreover, the scheme is proven to be selectively secure in the random oracle model under the q-Bilinear Diffie Hellman Exponent (q-BDHE) assumption. Performance analysis of the scheme depicts promising results for practical real-world healthcare applications

Privacy preserving and serverless homomorphic-based searchable encryption as a service (SEaaS)

Serverless computing has seen rapid growth, thanks to its adaptability, elasticity, and deployment agility, embraced by both cloud providers and users. However, this surge in serverless adoption has prompted a reevaluation of security concerns and thus, searchable encryption has emerged as a crucial technology. This paper explores the Searchable Encryption as a Service (SEaaS) and introduces an innovative privacy-preserving Multiple Keyword Searchable Encryption (MKSE) scheme within a serverless cloud environment, addressing previously unmet security goals. The proposed scheme employs probabilistic encryption and leverages fully homomorphic encryption to enable operations on ciphertext, facilitating searches on encrypted data. Its core innovation lies in the use of probabilistic encryption for private multi-keyword searches. To validate its practicality, we deploy the scheme on the public cloud infrastructure, “Contabo,” and conduct rigorous testing on a real-world dataset. The results demonstrate that our novel scheme successfully preserves the privacy of search queries and access patterns, achieving robust security. This research contributes to the field of serverless cloud security, particularly in the context of searchable encryption, by providing a refined solution for safeguarding data while maintaining usability in a serverless computing landscape

A novel image-based homomorphic approach for preserving the privacy of autonomous vehicles connected to the cloud

Autonomous vehicles are taking a leap forward by performing operations without human intervention through continuous monitoring of their surroundings using multiple sensors. Images gathered through vehicle mounted cameras can be large, requiring specialized storage such as cloud. However, cloud data centres can be prone to security and privacy challenges. A partial image-based, homomorphic searchable encryption scheme is proposed, which uses pixel-level encryption to identify objects within encrypted images. The scheme provides Object-Trapdoor and Trapdoor-Image indistinguishability – as the trapdoors are probabilistic. The proposed scheme is deployed on a cloud data centre and tested over a real data set. The proposed scheme reduces storage overhead by approximately 20 times, and is 33 times more efficient compared to the generic Paillier homomorphic searchable encryption scheme. Security analysis demonstrates that the scheme maintains high levels of security and privacy

A Novel ICMetric Public Key Framework for Secure Communication

The Integrated Circuit Metric (ICMetric) technology is a novel trust basis that uses the system features to create an identication of a device. The ICMetric of the device is used for the provision of security services, thereby addressing the issue of trust associated with device identity. The ICMetric technology can be adapted to function with varying environments; however, the short length and low entropy of the ICMetric key pose a major threat to applications based on ICMetric. This paper proposes a secure compre-hensive ICMetric based architecture that facilitates asymmetric ICMetric applications for secure services in an end-to-end environment. This novel framework has been designed keeping in mind the construction principles of ICMetric thereby preventing threats that are prevalent in many security schemes. Finally, an empirical evaluation and feasibility has been presented by implementing the proposed framework and doing an extensive security analysis

A Novel Approach to Reduce Breaches of Aircraft Communication Data

Aircraft are complex systems that rely heavily on monitoring and real-time communications with the base station. During aviation and flight operations, diverse data are gathered from different sources, including the Cockpit Voice Recorder (CVR), Flight Data Recorder (FDR), logbook, passenger data, passenger manifest etc. Given the high sensitivity of flight data, it is an attractive target for adversaries which could result in operational, financial and safety related incidents. Communications between aircraft pilots and air traffic controllers are all unencrypted. The data, mainly audio communication files, are placed openly within data centers on the ground stations which could lead to a serious compromise in security and privacy. One may rely on the cloud owing to its on-demand features but to thwart possible attacks, the data need to be encrypted first, giving rise to the issue of conducting search over encrypted data. This research presents a novel approach for data security in aviation industry by introducing a semantic-based searchable encryption scheme over the cloud. The designed system has proven to be extraordinarily effective for semantic-based searchable encryption at the word and the text level. The rigorous security and complexity analysis shows that the proposed solution provides a high level of security and efficiency and can be effectively deployed in the aviation sector. The designed scheme is tested through a real-world aviation dataset collected to demonstrate the significance of this research. The proof of concept proves to be secure, privacy-preserving and lightweight while resisting distinguishability attacks

A Novel Homomorphic Approach for Preserving Privacy of Patient Data in Telemedicine

Globally, the surge in disease and urgency in maintaining social distancing has reawakened the use of telemedicine/telehealth. Amid the global health crisis, the world adopted the culture of online consultancy. Thus, there is a need to revamp the conventional model of the telemedicine system as per the current challenges and requirements. Security and privacy of data are main aspects to be considered in this era. Data-driven organizations also require compliance with regulatory bodies, such as HIPAA, PHI, and GDPR. These regulatory compliance bodies must ensure user data privacy by implementing necessary security measures. Patients and doctors are now connected to the cloud to access medical records, e.g., voice recordings of clinical sessions. Voice data reside in the cloud and can be compromised. While searching voice data, a patient’s critical data can be leaked, exposed to cloud service providers, and spoofed by hackers. Secure, searchable encryption is a requirement for telemedicine systems for secure voice and phoneme searching. This research proposes the secure searching of phonemes from audio recordings using fully homomorphic encryption over the cloud. It utilizes IBM’s homomorphic encryption library (HElib) and achieves indistinguishability. Testing and implementation were done on audio datasets of different sizes while varying the security parameters. The analysis includes a thorough security analysis along with leakage profiling. The proposed scheme achieved higher levels of security and privacy, especially when the security parameters increased. However, in use cases where higher levels of security were not desirous, one may rely on a reduction in the security parameters