AUTHOR

Vladimir A. Oleshchuk

showing 70 related works from this author

Access Security and Personal Privacy in Public Cellular Communication Systems: The Past, the Present and Beyond 2020

2010

In order to predict the future one needs to understand the past and then interpolate as best as possible. We expect this to work reasonably well for a “2020 Scenario”, but we do not expect this approach to be valid for a “Beyond 2020” scenario.

Keywords: Information privacy; Work (electrical); Security service; Order (exchange); business.industry; Political science; Internet privacy; Message authentication code; Cellular communication systems; Computer security; computer.software_genre; business; computer

An attribute based access control scheme for secure sharing of electronic health records

2016

Electronic health records (EHRs) play a vital role in modern health industry, allowing the possibility of flexible sharing of health information in the quest of provisioning advanced and efficient healthcare services for the users. Although sharing of EHRs has significant benefits, given that such records contain lot of sensitive information, secure sharing of EHRs is of paramount importance. Thus, there is a need for the realization of sophisticated access control mechanisms for secure sharing of EHRs, which has attracted significant interest from the research community. The most prominent access control schemes for sharing of EHRs found in literature are role based and such solutions have…

Keywords: Scheme (programming language); business.industry; Computer science; Internet privacy; 020206 networking & telecommunications; 020207 software engineering; Provisioning; Access control; 02 engineering and technology; Computer security; computer.software_genre; Information sensitivity; Resource (project management); Health care; 0202 electrical engineering electronic engineering information engineering; ComputingMilieux_COMPUTERSANDSOCIETY; business; computer; Selective disclosure; computer.programming_language; Drawback
Venue: 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom)

A novel policy-driven reversible anonymisation scheme for XML-based services

2015

Author's version of an article in the journal: Information Systems. Also available from the publisher at: http://dx.doi.org/10.1016/j.is.2014.05.007 This paper proposes a reversible anonymisation scheme for XML messages that supports fine-grained enforcement of XACML-based privacy policies. Reversible anonymisation means that information in XML messages is anonymised, however the information required to reverse the anonymisation is cryptographically protected in the messages. The policy can control access down to octet ranges of individual elements or attributes in XML messages. The reversible anonymisation protocol effectively implements a multi-level privacy and security based approach, s…

Keywords: XML Encryption; computer.internet_protocol; Computer science; Privacy policy; Internet privacy; Big data; XACML; privacy; Computer security; computer.software_genre; XACML; big data; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; XML-encryption; computer.programming_language; business.industry; deanonymiser; Service-oriented architecture; XML database; Hardware and Architecture; business; reversible anonymisation; computer; Software; XML; Information Systems
Venue: Information Systems

Trust-enhanced intelligent security model

2012

In this paper we propose a trust-enhancement of access control to protect both integrity and confidentiality based on trustworthiness of users performing operations and documents' content analysis. We propose to utilize trustworthiness opinions from subjective logic and express levels of integrity as levels of trustworthiness. We assign confidentiality levels based on contents of documents and use opinions to express trustworthiness of such assignments.

Keywords: Information privacy; business.industry; Computer science; Internet privacy; Access control; Computer security model; Computer security; computer.software_genre; Content analysis; Software agent; Data_GENERAL; Data integrity; Confidentiality; business; Subjective logic; computer
Venue: 2012 6th IEEE INTERNATIONAL CONFERENCE INTELLIGENT SYSTEMS

An improvement of the batch-authentication and key agreement framework for P2P-based online social networks

2014

Batch authentication is the way to authenticate multiple users simultaneously to provide better efficiency. In [1], three batch authentication protocols are proposed based on different primitives, to provide simultaneous authentication of multiple users in online social networks (OSNs). In this paper, we briefly introduce the original protocols, describe their security vulnerabilities and related attacks, and propose modifications to make them secure again.

Keywords: Authentication; business.industry; Computer science; Authentication protocol; Network Access Control; Data_MISCELLANEOUS; Challenge–response authentication; Encryption; business; AKA; Computer network
Venue: 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS)

Trust-aware RBAC

2012

Published version of a chapter in the book: Computer Network Security. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-642-33704-8_9 In this paper we propose a trust-aware enhancement of RBAC (TA-RBAC) that takes trustworthiness of users into consideration explicitly before granting access. We assume that each role in the framework is associated with an expression that describes the trustworthiness of subjects required to be able to activate the role, and each subject (user) has an assigned trustworthiness level in the system. By adding trustworthiness constraints to roles we enhance the system, for example, with more flexible ability to delegate roles, to control reading/updating…

Keywords: Delegate; Trustworthiness; Computer science; Reading (process); media_common.quotation_subject; Control (management); Role-based access control; VDP::Technology: 500::Information and communication technology: 550; Computer security; computer.software_genre; computer; Expression (mathematics); media_common

The Design of Secure and Efficient P2PSIP Communication Systems

2010

Recently, both academia and industry have initiated research projects directed on integration of P2PSIP paradigm into communication systems. In this paradigm, P2P network stores most of the network information among participating peers without help of the central servers. The concept of self-configuration, self-establishment greatly improves the robustness of the network system compared with the traditional Client/Server based systems. In this paper, we propose a system architecture for constructing efficient and secure P2PSIP communication systems. The proposed approach includes three-layer hierarchical overlay division, peer identifier assignment, cache based efficiency enhancement, proxy…

Keywords: Identifier; Robustness (computer science); Computer science; business.industry; Server; Distributed computing; Systems architecture; Cache; Subjective logic; Communications system; business; Chord (peer-to-peer); Computer network

A Dynamic Attribute-Based Authentication Scheme

2015

Attribute-based authentication (ABA) is an approach to authenticate users by their attributes, so that users can get authenticated anonymously and their privacy can be protected. In ABA schemes, required attributes are represented by attribute trees, which can be combined with signature schemes to construct ABA schemes. Most attribute trees are built from top to down and can not change with attribute requirement changes. In this paper, we propose an ABA scheme based on down-to-top built attribute trees or dynamic attribute trees, which can change when attribute requirements change. Therefore, the proposed dynamic ABA scheme is more efficient in a dynamic environment by avoiding regenerating…

Keywords: Scheme (programming language); Authentication; Computer science; ComputerApplications_COMPUTERSINOTHERSYSTEMS; Construct (python library); computer.software_genre; Signature (logic); Authentication protocol; Lightweight Extensible Authentication Protocol; Data mining; Challenge–response authentication; computer; Data Authentication Algorithm; computer.programming_language

Automatic evaluation of information provider reliability and expertise

2013

Published version of an article in the journal: World Wide Web. Also available from the publisher at: http://dx.doi.org/10.1007/s11280-013-0249-x Q&A social media have gained a lot of attention during the recent years. People rely on these sites to obtain information due to a number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradicting answers, causing an ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. These two attributes (reliability and expertise) significantly affect the quality o…

Keywords: user expertise; Distributed database; Computer Networks and Communications; business.industry; Computer science; Aggregate (data warehouse); Behavior change; Cognition; Machine learning; computer.software_genre; Peer review; user reliability; VDP::Mathematics and natural science: 400::Information and communication science: 420; Hardware and Architecture; Order (business); Q&A social networks; Pairwise comparison; Artificial intelligence; business; Subjective logic; Set (psychology); computer; Software; Reliability (statistics); subjective logic

Privacy Violation Classification of Snort Ruleset

2010

Published version of a paper presented at the 2010 18th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). (c) 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Paper also available from the publisher: http://dx.doi.org/10.1109/PDP.2010.87 It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules, in order to understand a…

Keywords: VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424; Information privacy; Naive Bayes classifier; Computer science; Relational database; Privacy software; Data security; Confidentiality; Network monitoring; Intrusion detection system; Data mining; computer.software_genre; computer

A Novel Approach to Improve the Accuracy of Web Retrieval

2010

General purpose search engines utilize a very simple view on text documents: They consider them as bags of words. It results that after indexing, the semantics of documents is lost. In this paper, we introduce a novel approach to improve the accuracy of Web retrieval. We utilize the WordNet and WordNet SenseRelate All Words Software as main tools to preserve the semantics of the sentences of documents and user queries. Nouns and verbs in the WordNet are organized in the tree hierarchies. The word meanings are presented by numbers that reference to the nodes on the semantic tree. The meaning of each word in the sentence is calculated when the sentence is analyzed. The goal is to put each nou…

Keywords: Information retrieval; Concept search; Computer science; business.industry; InformationSystems_INFORMATIONSTORAGEANDRETRIEVAL; Search engine indexing; Word processing; WordNet; computer.software_genre; Semantics; ComputingMethodologies_ARTIFICIALINTELLIGENCE; Tree (data structure); Noun; ComputingMethodologies_DOCUMENTANDTEXTPROCESSING; Artificial intelligence; business; computer; Natural language processing; Sentence
Venue: 2010 5th International Conference on Future Information Technology

Decision-cache based XACML authorisation and anonymisation for XML documents

2012

Author's version of an article in the journal: Computer Standards and Interfaces. Also available from the publisher at: http://dx.doi.org/10.1016/j.csi.2011.10.007 This paper describes a decision cache for the eXtensible Access Control Markup Language (XACML) that supports fine-grained authorisation and anonymisation of XML based messages and documents down to XML attribute and element level. The decision cache is implemented as an XACML obligation service, where a specification of the XML elements to be authorised and anonymised is sent to the Policy Enforcement Point (PEP) during initial authorisation. Further authorisation of individual XML elements according to the authorisation specifi…

Keywords: authorisation; Software_OPERATINGSYSTEMS; Markup language; Computer science; computer.internet_protocol; XACML; Access control; Intrusion detection system; computer.software_genre; caching; XACML; computer.programming_language; anonymisation; VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424; Authentication; Database; business.industry; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Hardware and Architecture; Cache; privacy policy; Web service; business; Law; computer; Software; XML
Venue: Computer Standards & Interfaces

Constraints validation in privacy-preserving attribute-based access control

2015

Attribute-Based Access Control (ABAC) has been found to be extremely useful and flexible and has drawn a lot of research in recent years. It was observed that in the context of new emerging applications, attributes play an increasingly important role both in defining and enforcing more elaborated and flexible security policies. Recently, NIST has proposed a more formal definition of ABAC. In this paper we discuss a general privacy-preserving ABAC model (which combines both authentication and authorization) and propose an approach to handle constraints in such a privacy-preserving setting.

Keywords: Information privacy; Authentication; Computer access control; Computer science; business.industry; Context (language use); Access control; Security policy; Computer security; computer.software_genre; Privacy preserving; NIST; business; computer
Venue: 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS)

Security Enhancement of Peer-to-Peer Session Initiation

2012

Today, Peer-to-Peer SIP based communication systems have attracted much attention from both the academia and industry. The decentralized nature of P2P might provide the distributed peer-to-peer communication system without help of the traditional SIP server. However, the decentralization features come to the cost of the reduced manageability and create new concerns. Until now, the main focus of research was on the availability of the network and systems, while few attempts are put on protecting privacy. In this chapter, we investigate on P2PSIP security issues and introduce two enhancement solutions: central based security and distributed trust security, both of which have their own advanta…

Keywords: Computer science; business.industry; Internet privacy; Security enhancement; Session (computer science); Peer-to-peer; computer.software_genre; business; computer

Patents as innovation indicators: Comparative analysis of 3 different industries in 4 Nordic countries in the period 1996 to 2005

2013

Using the patent database USPTO (US Patent & Trademark Office), which contains all American patents and design protections, an analysis has been carried out with the aim of comparing patenting activity in Norway, Denmark, Sweden and Finland for the following three industries: refrigeration technology, offshore technology, and telecommunications. The aim of this investigation is a study of: • Indicators of technological development and innovation. • Patents used as innovation indicators. • Patenting activity in three different industries/patent classes in four different countries. From the analysis the following can be summarised: • Patent statistics, obtained by counting the number of patents, are used to assess the extent of patentin…


Privacy handling for critical information infrastructures

2013

This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identif…

Keywords: Information privacy; Privacy by Design; Computer science; business.industry; Privacy software; Computer security; computer.software_genre; Encryption; Information sensitivity; Enterprise service bus; Privacy-enhancing technologies; business; Resilience (network); computer
Venue: 2013 11th IEEE International Conference on Industrial Informatics (INDIN)

An Efficient Multi-Show Unlinkable Attribute Based Credential Scheme for a Collaborative E-Health Environment

2017

Modern electronic healthcare (e-health) systems constitute collaborative environments in which patients' private health data are shared across multiple domains. In such environments, patients' privacy can be violated through the linkability of different user access sessions over patient health data. Therefore, enforcing anonymous as well as multi-session unlinkable access for the users in e-health systems is of paramount importance. As a way of achieving this requirement, more emphasis has been given to anonymous attribute credentials, which allows a user to anonymously prove the ownership of a set of attributes to a verifier and thereby gain access to protected resources. Among the existin…

Keywords: Scheme (programming language); business.industry; Property (programming); Computer science; 020206 networking & telecommunications; 02 engineering and technology; Computer security; computer.software_genre; Credential; Health data; Set (abstract data type); 020204 information systems; Health care; 0202 electrical engineering electronic engineering information engineering; ComputingMilieux_COMPUTERSANDSOCIETY; The Internet; business; computer; computer.programming_language
Venue: 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)

A secure architecture for P2PSIP-based communication systems

2009

Today, Peer-to-Peer SIP based communication systems have attracted much attention from both academia and industry. The decentralized nature of P2P might provide the distributed peer-to-peer communication system without help of the traditional SIP server. However, it comes to the cost of reduced manageability and therefore causes security problems, e.g. distrust, privacy leaks, unpredictable availability, etc. In this paper, we investigate on P2PSIP security issues and propose a proxy-based system architecture that improves security during P2PSIP session initiation. The main issues considered in this architecture include Source inter-working, Encryption & Decryption, Policy Management, Desti…

Keywords: Pastry; Computer science; business.industry; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Computer security; computer.software_genre; Communications system; Encryption; Distributed hash table; Content addressable network; Distributed System Security Architecture; Systems architecture; business; Chord (peer-to-peer); computer; Computer network
Venue: Proceedings of the 2nd international conference on Security of information and networks - SIN '09

Design Requirements for a Patient Administered Personal Electronic Health Record

2011

Published version of a chapter in the book: Biomedical engineering, trends in electronics, communications and software. Intech, 2011 Open Access

Keywords: VDP::Technology: 500::Information and communication technology: 550::Computer technology: 551; Software; Multimedia; Electronic health record; business.industry; Medicine; Electronics; business; computer.software_genre; GeneralLiterature_REFERENCE(e.g.dictionariesencyclopediasglossaries); computer

Formal Analysis and Model Checking of a Group Authentication Protocol by Scyther

2016

Scyther [1] is designed to check the security and vulnerabilities of security protocols. In this paper, we use Scyther to analyze two discrete logarithm problem (DLP) based group authentication protocols proposed in [2]. These two protocols are claimed to satisfy several security requirements, but only part of them have been checked because of the properties and limitations of Scyther. Some positive results have been gained and show that the protocols provide mutual authentication and implicit key authentication and are secure against impersonation attack. An important innovation in this paper is that we have extended the expressing ability of Scyther by giving some reasonable assumption du…

Keywords: Model checking; Authentication; Theoretical computer science; Computer science; business.industry; 020206 networking & telecommunications; Cryptography; 02 engineering and technology; Mutual authentication; Cryptographic protocol; Computer security; computer.software_genre; Key authentication; Discrete logarithm; Authentication protocol; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; business; computer
Venue: 2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)

Security in Mobile Wireless Sensor Networks – A Survey

2011

Published version of an article in the journal: Journal of Communications. Also available from the publisher at: http://dx.doi.org/10.4304/jcm.6.2.128-142. OA Thanks to recent advances in robotics, sensors and wireless communications, it is feasible to develop a variety of new architectures for Mobile Wireless Sensor Networks (MWSNs) that play an important role in various applications such as battlefield surveillance, harbor monitoring, etc. However, due to the dynamic of mobile network topology in MWSNs, many new security challenges have emerged. In this article, we give a survey on the state of the art technologies in security aspects of MWSNs. We review existing work that provides securi…

Keywords: Wi-Fi array; Computer science; business.industry; Wireless network; Wireless WAN; Computer security; computer.software_genre; Key distribution in wireless sensor networks; Wireless site survey; mobile Wireless Sensor Network security Wireless Sensor Network; Network Access Control; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; Mobile wireless sensor network; Electrical and Electronic Engineering; business; computer; Wireless sensor network; Computer network
Venue: Journal of Communications

Information Security and Privacy in Medical Application Scenario

2010

This chapter discusses security and privacy aspects for a medical application scenario. The chapter analyzes what kind of security and privacy enforcements would be needed and how they can be achieved by technological means. The authors reviewed cryptographic mechanisms and solutions that can be useful in this context.

Keywords: Information privacy; Cloud computing security; Privacy by Design; business.industry; Privacy software; Internet privacy; Computer security; computer.software_genre; Security information and event management; Information sensitivity; Information security management; business; Personally identifiable information; computer

Security and privacy in the cloud a long-term view

2011

In this paper we analyze security and privacy aspects of the cloud. We take a long-term view since the scope of privacy is potentially the lifetime of the privacy subject. We investigate trust issues and privacy aspects for cloud service users, using subjective logic as a primary tool. We also present a promising solution for credible privacy in a cloud environment.

Keywords: Information privacy; Cloud computing security; Scope (project management); Privacy by Design; Computer science; business.industry; Privacy software; Data_MISCELLANEOUS; Internet privacy; Cloud computing; Computer security; computer.software_genre; Term (time); ComputingMilieux_COMPUTERSANDSOCIETY; Subjective logic; business; computer
Venue: 2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE)

SLFTD: A Subjective Logic Based Framework for Truth Discovery

2019

Finding truth from various conflicting candidate values provided by different data sources is called truth discovery, which is of vital importance in data integration. Several algorithms have been proposed in this area, which usually have similar procedure: iteratively inferring the truth and provider’s reliability on providing truth until converge. Therefore, an accurate provider’s reliability evaluation is essential. However, no work pays attention to “how reliable this provider continuously providing truth”. Therefore, we introduce subjective logic, which can record both (1) the provider’s reliability of generating truth, and (2) reliability of provider continuously doing so. Our propose…

Keywords: 050101 languages & linguistics; education.field_of_study; business.industry; Computer science; 05 social sciences; Population; 02 engineering and technology; Sensor fusion; Machine learning; computer.software_genre; Discriminative model; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; 0501 psychology and cognitive sciences; Artificial intelligence; business; Subjective logic; education; Categorical variable; computer; Reliability (statistics); Generative grammar; Data integration

A novel scheme for privacy preserving in RBAC

2013

Role Based Access Control (RBAC) Model has been proved to be quite useful and has drawn a lot of research interest over the last fifteen years. In this paper we discuss general context-aware RBAC model. We analyze potential privacy threats associated with use of context-aware RBAC and propose a novel scheme that provides privacy-preserving for access models based on RBAC.

Keywords: Privacy preserving; Scheme (programming language); ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Information privacy; Software_OPERATINGSYSTEMS; Computer science; Authorization; Role-based access control; Computer security; computer.software_genre; computer; computer.programming_language
Venue: 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS)

PRIvacy LEakage Methodology (PRILE) for IDS Rules

2010

This paper introduces a methodology for evaluating PRIvacy LEakage in signature-based Network Intrusion Detection System (IDS) rules. IDS rules that expose more data than a given percentage of all data sessions are defined as privacy leaking. Furthermore, it analyses the IDS rule attack specific pattern size required in order to keep the privacy leakage below a given threshold, presuming that occurrence frequencies of the attack pattern in normal text are known. We have applied the methodology on the network intrusion detection system Snort’s rule set. The evaluation confirms that Snort in its default configuration aims at not being excessively privacy invasive. However we have identified s…

Keywords: Set (abstract data type); Pattern size; Engineering; business.industry; Privacy software; Data mining; Network intrusion detection; Leakage (economics); computer.software_genre; Computer security; business; computer; Signature (logic)

Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context

2010

Published version of an article from the journal: Wireless Personal Communications. The original publication is available at SpringerLink. http://dx.doi.org/10.1007/s11277-010-0069-6 The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mob…

Keywords: business.industry; Computer science; VDP::Technology: 500::Information and communication technology: 550; Context (language use); Cloud computing; Intrusion detection system; Managed security service; computer.software_genre; Computer security; Computer Science Applications; Information sensitivity; Virtual machine; Malware; Electrical and Electronic Engineering; Intrusion prevention system; business; computer; Mobile device; Computer network
Venue: Wireless Personal Communications

Secure and efficient data storage in unattended wireless sensor networks

2009

©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. Article also available from publisher: http://dx.doi.org/10.1109/NTMS.2009.5384753 Providing forward and backward secrecy is still a big challenge in Unattended Wireless Sensor Networks (UWSNs), though some storage schemes have been proposed. Additionally, high storage requirement needs efficient storage techniques. In this paper, we propose a novel homomorphic…

Keywords: Scheme (programming language); business.industry; Computer science; Mobile computing; Homomorphic encryption; Cryptography; Computer data storage; Secrecy; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; Mobile telephony; business; computer; Wireless sensor network; computer.programming_language; Computer network

Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions

2016

In the last few decades, there have been significant efforts in integrating information and communication technologies (ICT) into healthcare practices. This new paradigm commonly identified as electronic healthcare (e-health) allows provisioning of healthcare services at an affordable price to its consumers. However, there have been questions raised about the security of the sensitive information such as health records as well as the privacy of involving parties raising doubts on the minds of the general public. Thus, it is important to understand the potential security challenges in e-health systems and successfully resolve them by taking adequate measures to ensure fair utilization of suc…

Keywords: Information privacy; 020205 medical informatics; Privacy by Design; Computer Networks and Communications; business.industry; Privacy software; Computer science; Internet privacy; Access control; Provisioning; 02 engineering and technology; Library and Information Sciences; Computer security; computer.software_genre; Information sensitivity; Information and Communications Technology; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; business; computer; Personally identifiable information; Information Systems
Venue: International Journal of Information Management

Mobile Security with Location-Aware Role-Based Access Control

2012

Published version of an article from the book: Security and privacy in mobile information and communication systems. Also available on SpringerLink: http://dx.doi.org/10.1007/978-3-642-30244-2_15 This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC c…

Software_OPERATINGSYSTEMS; Markup language; business.industry; Computer science; Separation of duties; XACML; ComputerApplications_COMPUTERSINOTHERSYSTEMS; Access control; Computer security; computer.software_genre; Firewall (construction); Software deployment; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; Role-based access control; business; computer; Mobile device; Computer network; computer.programming_language

Two tiered privacy enhanced intrusion detection system architecture

2009

The paper describes an architecture for privacy-enhanced intrusion detection systems, that separates privacy-invasive and privacy-preserving operations. This can be useful in cases where less sensitive network monitoring is outsourced to a third party and more sensitive network monitoring operations and data forensics are performed in-house or by law enforcement agencies.

Network forensics; Information privacy; Computer science; Privacy policy; Law enforcement; XACML; ComputingMilieux_LEGALASPECTSOFCOMPUTING; Intrusion detection system; Network monitoring; Computer security; computer.software_genre; Host-based intrusion detection system; computer; computer.programming_language

2009 IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications

An Anonymous Delegatable Attribute-based Credential Scheme for a Collaborative E-health Environment

2019

We propose an efficient anonymous, attribute-based credential scheme capable of provisioning multi-level credential delegations. It is integrated with a mechanism to revoke the anonymity of credentials for resolving access disputes and making users accountable for their actions. The proposed scheme has a lower end-user computational complexity in comparison to existing credential schemes with delegatability and has a comparable level of performance with the credential standards of U-Prove and Idemix. Furthermore, we demonstrate how the proposed scheme can be applied to a collaborative e-health environment to provide its users with the necessary anonymous access with delegation capabilities.

Scheme (programming language); Computational complexity theory; Delegation; Computer Networks and Communications; Computer science; media_common.quotation_subject; 020206 networking & telecommunications; Provisioning; 02 engineering and technology; Computer security; computer.software_genre; Credential; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; 0202 electrical engineering electronic engineering information engineering; ComputingMilieux_COMPUTERSANDSOCIETY; computer; media_common; computer.programming_language; Anonymity

ACM Transactions on Internet Technology

Trust-based framework for security enhancement of P2PSIP communication systems

2009

Today, Peer-to-Peer SIP based communication systems have attracted much attention from both academia and industry. The decentralized nature of P2P might provide the distributed peer-to-peer communication system without help of the traditional SIP server. However, it comes to the cost of reduced trustworthiness and may cause security problems, e.g. privacy leaks, unpredictable availability, etc. In this paper, we investigate on P2PSIP security issues and propose a subjective based trust model that offers trust services during P2PSIP session establishment. The main issues considered in this model include opinion calculation, opinion maintenance, data confidentiality and integrity, message rou…

business.industry; Network security; Computer science; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Cryptography; Communications system; Computer security; computer.software_genre; Distributed hash table; NAT traversal; Server; Confidentiality; business; Chord (peer-to-peer); computer; Computer network

2009 International Conference for Internet Technology and Secured Transactions, (ICITST)

A Scheme for Secure and Reliable Distributed Data Storage in Unattended WSNs

2010

Unattended Wireless Sensor Networks (UWSNs) operated in hostile environments face a risk on data security due to the absence of real-time communication between sensors and sinks, which imposes sensors to accumulate data till the next visit of a mobile sink to off-load the data. Thus, how to ensure forward secrecy, backward secrecy and reliability of the accumulated data is a great challenge. For example, if a sensor is compromised, pre-compromise data accumulated in the sensor is exposed to access. In addition, by holding key secrecy of the compromised sensor, attackers also can learn post-compromise data in the sensor. Furthermore, in practical UWSNs, once sensors stop working for accident…

Computer science; business.industry; Forward secrecy; Reliability (computer networking); Node (networking); Secrecy; Distributed data store; Probabilistic logic; Data security; business; Wireless sensor network; Computer network

2010 IEEE Global Telecommunications Conference GLOBECOM 2010

A Patient-Centric Attribute Based Access Control Scheme for Secure Sharing of Personal Health Records Using Cloud Computing

2016

Personal health records (PHR) are an emerging health information exchange model, which facilitates PHR owners to efficiently share their private health data among a variety of users including healthcare professionals as well as family and friends. PHRs are usually outsourced and stored in third-party cloud platforms which relieves PHR owners from the burden of managing their PHR data while achieving better availability of health data. However, outsourcing private health data raises significant privacy concerns because there is a higher risk of leaking health information to unauthorized parties. To ensure PHR owners' control of their outsourced PHR data, attribute based encryption (ABE) mech…

020203 distributed computing; business.industry; Computer science; Internet privacy; 020206 networking & telecommunications; Access control; Health information exchange; Cloud computing; 02 engineering and technology; Encryption; Computer security; computer.software_genre; Outsourcing; Resource (project management); Health care; 0202 electrical engineering electronic engineering information engineering; Attribute-based encryption; business; computer

2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC)

Ontology-based service matching and discovery

2011

In this paper we consider ontologies as knowledge structures that specify attributes of services, their properties and relations among them to enable finding semantic similarity between service descriptions and service requests. Ontologies reflect semantic relationship between concepts represented by attributes in service descriptions and service requests. We use knowledge from ontologies to enhance the both user service requests and service descriptions by adding concepts that are not presented in the original descriptions, and use them in comparison process. It results in more precise matching since we consider also implicit concepts. Thus services and requests that do not contain exact m…

Service (business); World Wide Web; Matching (statistics); Information retrieval; Semantic similarity; Computer science; Service discovery; Ontology (information science); Web service; Semantics; computer.software_genre; Ontology alignment; computer

Proceedings of the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems

Semantic retrieval: an approach to representing, searching and summarising text documents

2011

Nowadays, the internet is the major source of information for millions of people. There are many search tools available on the net but finding appropriate text information is still difficult. The retrieval efficiency of the presently used systems cannot be significantly improved: ‘bag of words’ interpretation causes losing semantics of texts. We applied the functional approach to represent English text documents. It allows taking into account semantic relations between words when indexing documents and use ordinary English sentences as queries to a search engine. The proposed retrieval mechanisms return only highly relevant documents. They make it possible to generate content-aware summarie…

Information retrieval; Concept search; business.industry; Computer science; Search engine indexing; Semantic search; Functional approach; Word search; Semantics; computer.software_genre; Bag-of-words model; Visual Word; Artificial intelligence; business; computer; Natural language processing

International Journal of Information Technology, Communications and Convergence

Attribute based access control scheme with controlled access delegation for collaborative E-health environments

2017

Modern electronic healthcare (e-health) settings constitute collaborative environments with complex access requirements. Thus, there is a need for sophisticated fine-grained access control mechanisms to cater these access demands and thereby experience the full potential of e-health systems. In order to realize a flexible access control scheme, integrating access delegation is of paramount importance. However, access delegation has to be enforced in a controlled manner so that it will not jeopardize the security of the system. In this paper, we addressed this issue through proposing an attribute based access control scheme integrated with controlled access delegation capabilities. …

Scheme (programming language); Computer access control; Delegation; Revocation; Computer Networks and Communications; Computer science; business.industry; media_common.quotation_subject; 020206 networking & telecommunications; 020207 software engineering; Provisioning; Access control; 02 engineering and technology; Computer security; computer.software_genre; 0202 electrical engineering electronic engineering information engineering; Physical access; Role-based access control; Safety Risk Reliability and Quality; business; computer; Software; media_common; computer.programming_language

Journal of Information Security and Applications

Internet of things and privacy preserving technologies

2009

In this paper we consider different approaches to technological protection of users' privacy in the world of internet of things. Particularly, we consider what kind of problems and which level of protection can be achieved by applying approaches using secure multi-party computations.

Information privacy; Ubiquitous computing; Privacy by Design; business.industry; Computer science; Privacy software; Internet privacy; Data security; Cryptography; Computer security; computer.software_genre; Web of Things; The Internet; business; computer

2009 1st International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology

A survey on peer-to-peer SIP based communication systems

2010

Published version of an article from the journal: Peer-to-Peer Networking and Applications. The original publication is available at SpringerLink. http://dx.doi.org/10.1007/s12083-009-0064-4 Recently, both academia and industry have initiated research projects directed on integration of P2PSIP paradigm into communication systems. In this paradigm, P2P network stores most of the network information on each participating peer without help of the central servers. The concept of self-configuration, self-establishment greatly improves the robustness of the network system compared with the traditional Client/Server based systems. In this paper, we survey P2PSIP solutions proposed recently both in …

VDP::Mathematics and natural science: 400::Information and communication science: 420::Communication and distributed systems: 423; Computer Networks and Communications; business.industry; Computer science; Message routing; Peer-to-peer; Communications system; computer.software_genre; Peer review; World Wide Web; NAT traversal; Robustness (computer science); Server; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; business; Chord (peer-to-peer); computer; Software; Computer network

Peer-to-Peer Networking and Applications

New client puzzle approach for DoS resistance in ad hoc Networks

2010

In this paper we propose a new client puzzle approach to prevent Denial of Service (DoS) attacks in ad hoc networks. Each node in the network first solves a computational problem and with the solution has to create and solve a client puzzle. By combining computational problems with puzzles, we improve the efficiency and latency of the communicating nodes and resistance in DoS attacks. Experimental results show the effectiveness of our approach.

business.industry; Wireless ad hoc network; Computer science; Server; MathematicsofComputing_GENERAL; Cryptography; Denial-of-service attack; Computational problem; Latency (engineering); business; QA76; Computer network

2010 IEEE International Conference on Information Theory and Information Security

Towards Risk-aware Access Control Framework for Healthcare Information Sharing

2018

business.industry; Computer science; Information sharing; Internet privacy; Health care; 0202 electrical engineering electronic engineering information engineering; 020206 networking & telecommunications; 020201 artificial intelligence & image processing; Access control; 02 engineering and technology; business

Proceedings of the 4th International Conference on Information Systems Security and Privacy

A general framework for group authentication and key exchange protocols

2014

Published version of a chapter in the book: Foundations and Practice of Security. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-319-05302-8_3 In this paper, we propose a novel framework for group authentication and key exchange protocols. There are three main advantages of our framework. First, it is a general one, where different cryptographic primitives can be used for different applications. Second, it works in a one-to-multiple mode, where a party can authenticate several parties mutually. Last, it can provide several security features, such as protection against passive adversaries and impersonate attacks, implicit key authentication, forward and backward securi…

group authentication; Authentication; Post-quantum cryptography; elliptic curve discrete logarithm problem; Cryptographic primitive; discrete logarithm problem; business.industry; VDP::Technology: 500::Information and communication technology: 550; Computer security; computer.software_genre; Key authentication; Diffie–Hellman key exchange; Public-key cryptography; Diffie-Hellman key exchange; business; computer; Key exchange; ElGamal encryption; Mathematics

Secure interworking with P2PSIP and IMS

2010

In this paper, we propose a secure system model for interconnection between P2PSIP and IMS domains. The interworking solution is based on P2P-IMS GateWay (PIGW), which acts as a normal peer in P2PSIP network and a 3rd party IMS Application Server (AS) in IMS network. The security is achieved by implementing Chord Secure Proxy (CSP) and enhanced with subjective logic based trust model. We also implement this system model and analyze it in several aspects: number of hops and delay, trust improvement and protection against malicious or compromised intermediate peers. We conclude that the proposed architecture is feasible and improves security. As far as we know our research is the first study …

Session Initiation Protocol; Application server; business.industry; Computer science; computer.internet_protocol; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; IP Multimedia Subsystem; computer.software_genre; System model; Server; Chord (peer-to-peer); business; Subjective logic; computer; Internetworking; Computer network

Blockchain Based Delegatable Access Control Scheme for a Collaborative E-Health Environment

2018

Modern electronic healthcare (e-health) settings constitute collaborative environments requiring sophisticated fine-grained access control mechanisms to cater their access demands. Access delegatability is quite crucial to realize fine-grained, flexible access control schemes compatible with such environments. In this paper, we addressed this issue through proposing an attribute based access control scheme integrated with controlled access delegation capabilities suitable for a multi-domain e-health environment. We have utilized the blockchain technology to manage attribute assignments, delegations as well as revocations. The scheme enables delegations in a controlled manner without jeopard…

Scheme (programming language); Delegation; Revocation; business.industry; Computer science; media_common.quotation_subject; 010401 analytical chemistry; Control (management); Overhead (engineering); 020206 networking & telecommunications; Access control; 02 engineering and technology; Attribute-based access control; Computer security; computer.software_genre; 01 natural sciences; 0104 chemical sciences; 0202 electrical engineering electronic engineering information engineering; InformationSystems_MISCELLANEOUS; business; Key management; computer; media_common; computer.programming_language

2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)

Message from the Advanced Seminar Co-chairs

2015

Computer science; Library science

2015 16th IEEE International Conference on Mobile Data Management

A Cognitive-based scheme for user reliability and expertise assessment in Q&A social networks

2011

Q&A social media has gained a great deal of attention during recent years. People rely on these sites to obtain information due to the number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradictory answers, causing ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. In this work, we propose a novel approach for estimating the reliability and expertise of a user based on human cognitive traits. Every user can individually estimate these values based on local pairwise interactions. We examine…

Scheme (programming language); business.industry; Computer science; media_common.quotation_subject; Cognition; Ambiguity; Machine learning; computer.software_genre; Asynchronous communication; Convergence (routing); Pairwise comparison; Social media; Artificial intelligence; business; computer; Reliability (statistics); computer.programming_language; media_common

2011 IEEE International Conference on Information Reuse & Integration

Remote Patient Monitoring Within a Future 5G Infrastructure

2010

Published version of an article from the journal: Wireless Personal Communications. The original publication is available at SpringerLink. http://dx.doi.org/10.1007/s11277-010-0078-5 Systems of wearable or implantable medical devices (IMD), sensor systems for monitoring and transmitting physiological recorded signals, will in future health care services be used for purposes of remote monitoring. Today, there exist several constraints, probably preventing the adoption of such services in clinical routine work. Within a future 5G infrastructure, new possibilities will be available due to improved addressing solutions and extended security services in addition to higher bandwidth in the wireles…

Telemedicine; Remote patient monitoring; business.industry; Computer science; Wearable computer; VDP::Technology: 500::Information and communication technology: 550; Computer Science Applications; Health care; Bandwidth (computing); Wireless; Mobile telephony; Electrical and Electronic Engineering; business; Telecommunications

An Efficient, Robust, and Scalable Trust Management Scheme for Unattended Wireless Sensor Networks

2012

Unattended Wireless Sensor Networks (UWSNs) are characterized by long periods of disconnected operation and fixed or irregular intervals between visits by the sink. The absence of an online trusted third party, i.e., an on-site sink, makes existing trust management schemes used in legacy wireless sensor networks not applicable to UWSNs directly. In this paper, we propose a trust management scheme for UWSNs to provide efficient, robust and scalable trust data storage. For trust data storage, we employ geographic hash table to efficiently identify data storage nodes and to significantly reduce storage cost. We demonstrate, through detailed analyses and extensive simulations, that the proposed…

Key distribution in wireless sensor networks; Computer science; business.industry; Robustness (computer science); Wireless ad hoc network; Distributed computing; Computer data storage; Scalability; Trusted Computing; Trusted third party; business; Wireless sensor network; Computer network

2012 IEEE 13th International Conference on Mobile Data Management

Secure and Privacy Preserving Pattern Matching in Distributed Cloud-based Data Storage

2019

Given two strings: pattern $p$ of length $m$ and text $t$ of length $n$. The string matching problem is to find all (or some) occurrences of the pattern $p$ in the text $t$. We introduce a new simple data structure, called index arrays, and design fast privacy-preserving matching algorithm for string matching. The motivation behind introducing index arrays is determined by the need for pattern matching on distributed cloud-based datasets with semi-trusted cloud providers. It is intended to use encrypted index arrays both to improve performance and protect confidentiality and privacy of user data.

021110 strategic defence & security studies; Theoretical computer science; Computer science; business.industry; 0211 other engineering and technologies; Cloud computing; 02 engineering and technology; String searching algorithm; Data structure; Encryption; Simple (abstract algebra); Computer data storage; Pattern matching; business; Blossom algorithm

2019 10th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS)

A distributed data storage and retrieval scheme in unattended WSNs using Homomorphic Encryption and secret sharing

2009

Many data storage schemes have been proposed in the past for keeping dependable data storage, but they are not designed for Unattended Wireless Sensor Networks (UWSNs). When applying these schemes to UWSNs, most of them have limitations such as high storage requirement, transmission cost, and not resilient to a large number of node compromises. To address the problem of data storage, transmission cost, and resilience of node compromise in UWSNs, we propose a novel Homomorphic Encryption and Homomorphic Secret Sharing based scheme (HEHSS) to accomplish the goals of confidentiality, resilience to node compromises, reliability, and efficiency of storage and transmission. Our scheme exploits th…

Homomorphic secret sharing; business.industry; Computer science; Node (networking); Distributed data store; Homomorphic encryption; Cryptography; business; Encryption; Secret sharing; Wireless sensor network; Computer network

2009 2nd IFIP Wireless Days (WD)

An efficient Chinese remainder theorem based node capture resilience scheme for Mobile WSNs

2010

Node capture attack is a critical issue in Mobile WSNs where attacker-controlled replicas may act maliciously. In this paper, we present a novel Chinese remainder theorem based node capture resilience scheme that can be utilized to discover and revoke captured nodes. Moreover, our scheme can limit the ability of captured nodes to further compromise forward security, backward security, and launch collusion attacks. Detailed analysis shows that our scheme indeed achieves the expected design goals.

Mobile radio; business.industry; Forward secrecy; Computer science; Node (networking); Mobile computing; Cryptography; Mobile telephony; business; Resilience (network); Chinese remainder theorem; Computer network

2010 IEEE International Conference on Information Theory and Information Security

Trust enhancement of P2PSIP communication systems

2011

Today, peer-to-peer (P2P) session initiation protocol (SIP)-based communication systems have attracted much attention from both academia and industry. The decentralised nature of P2P might provide the distributed P2P communication system without help of the traditional SIP server. However, it comes to the cost of reduced trustworthiness and may cause security problems, e.g., privacy leaks, unpredictable availability, etc. In this paper, we investigate P2PSIP security issues and propose a subjective logic-based trust model that offers trust-based security services during P2PSIP session establishment. The main issues considered in this model include opinion calculation, opinion maintenance, d…

Session Initiation Protocol; Computer Networks and Communications; Computer science; computer.internet_protocol; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Overlay; Computer security; computer.software_genre; Communications system; Computer Science Applications; Distributed hash table; NAT traversal; Confidentiality; Subjective logic; Chord (peer-to-peer); computer

International Journal of Internet Technology and Secured Transactions

Traceable hierarchical attribute-based authentication for the cloud

2015

When data owners store their data on cloud servers, they may want to define the access requirements themselves, where attribute-based authentication (ABA) can be a good choice for the solution. In this paper, we propose a traceable hierarchical ABA (HABA) solution which fits two situations in the cloud. The first situation is when cloud users are organized in groups of a hierarchical structure and the access allowance can only be granted to users in a specific group. The second situation is that attributes are organized in a hierarchical structure with different priorities, such that only users who own the required attributes of a specific priority can be authenticated and access the data. …

Structure (mathematical logic); Hierarchy; Authentication; Database; business.industry; Computer science; Allowance (money); Cloud computing; Computer security; computer.software_genre; Encryption; business; Cloud server; computer

2015 IEEE Conference on Communications and Network Security (CNS)

Enforcing mobile security with location-aware role-based access control

2013

This paper describes how location-aware role-based access control (RBAC) can be implemented on top of the Geospatial eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations, which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location-dependent access control and also other security enhancing solutions on mobile devices, such as location-dependent device locking, firewall, intrusion prevention or payment…

Markup language; Geospatial analysis; Computer Networks and Communications; Computer science; Separation of duties; business.industry; XACML; 020206 networking & telecommunications; Access control; 02 engineering and technology; Computer security; computer.software_genre; Firewall (construction); 020204 information systems; 0202 electrical engineering electronic engineering information engineering; Role-based access control; business; Mobile device; computer; Information Systems; computer.programming_language; Computer network

Security and Communication Networks

An Efficient Traceable Attribute-Based Authentication Scheme with One-Time Attribute Trees

2015

Attribute-based authentication (ABA) is a way to authenticate signers by means of attributes and it requests proof of possessing required attributes from the one to be authenticated. To achieve the property of traceability, required attributes should be combined with the signer’s attribute private keys in order to generate a signature. In some schemes, signers’ attribute keys are related to attribute trees, so changing attribute trees will cause the regeneration of all related attribute keys. In this paper, we propose an efficient traceable ABA scheme, where the generation of signers’ attribute keys is independent from attribute trees. Thus the same set of attribute keys can be used with a …

Scheme (programming language); Authentication; Property (philosophy); Theoretical computer science; Traceability; Database; Computer science; Authentication scheme; computer.software_genre; Signature (logic); Set (abstract data type); ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Attribute tree; computer; computer.programming_language

Context-aware summary generation for Web pages

2009

General purpose search engines provide users with lists of retrieved documents in response to their queries. The common structure of list elements includes the title of a document, its URL, and small snippet from the text. Snippets are evidence of occurrences of query's keywords in the document. The length of each snippet is just a couple of lines. They cannot play a role of summaries of retrieved documents: In many cases, they are not indicative and users cannot judge on the relevancy of documents. In our approach we use ontology as context description and that ontology will be used to describe user's main interest with respect to wanted summary and help to select weighting of key words an…

World Wide Web; Structure (mathematical logic); Information retrieval; Computer science; InformationSystems_INFORMATIONSTORAGEANDRETRIEVAL; Web page; ComputingMethodologies_DOCUMENTANDTEXTPROCESSING; Key (cryptography); Context (language use); Thesaurus; Document retrieval; Snippet; Ontology (information science)

2009 IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications

Collaborative Assessment of Information Provider's Reliability and Expertise Using Subjective Logic

2011

QA each user can individually estimate the expertise and the reliability of her peers using her direct interactions with them and our framework. The online SN (OSN), which can be considered as a distributed database, performs continuous data aggregation for users expertise and reliability assessment in order to reach a consensus. We emulate a Q&A SN to examine various performance aspects of our algorithm (e.g., convergence time, responsiveness etc.). Our evaluations indicate that it can accurately assess the reliability and the expertise of a user with a small number of samples and can successfully react to the latter's behavior change, provided that the cognitive traits hold in practice.

Distributed database; Computer science; Behavior change; ComputerApplications_COMPUTERSINOTHERSYSTEMS; Cognition; computer.software_genre; Information providers; Order (business); Human–computer interaction; Convergence (routing); Data mining; Subjective logic; computer; Reliability (statistics)

Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing

A trust-based security enforcement in disruption-tolerant networks

2017

We propose an approach to enforce security in disruption- and delay-tolerant networks (DTNs) where long delays, high packet drop rates, unavailability of central trusted entity etc. make traditional approaches unfeasible. We use trust model based on subjective logic to continuously evaluate trustworthiness of security credentials issued in distributed manner by network participants to deal with absence of centralised trusted authorities.

Network packet; business.industry; Computer science; 020206 networking & telecommunications; 02 engineering and technology; Computer security; computer.software_genre; Medical services; Trustworthiness; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; Peer to peer computing; Computational trust; Unavailability; Subjective logic; business; Enforcement; computer; Computer network

2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS)

PLC security and critical infrastructure protection

2013

Programmable Logic Controllers (PLCs) are the most important components embedded in Industrial Control Systems (ICSs). ICSs have achieved the highest standards in terms of efficiency and performance. As a result, a higher portion of the infrastructure in industries has been automated for the comfort of human beings. Therefore, protection of such systems is crucial. It is important to investigate the vulnerabilities of ICSs in order to solve the threats and attacks against critical infrastructure to protect human lives and assets. The PLC is the basic building block of an ICS. If PLCs are exploited, the overall system will be exposed to the threat. Many believed that PLCs are secured devices due to it…

Control system security; Engineering; business.industry; Programmable logic controller; Critical infrastructure protection; Industrial control system; Computer security; computer.software_genre; Stuxnet; Critical infrastructure; Data Protection Act 1998; Isolation (database systems); business; computer

2013 IEEE 8th International Conference on Industrial and Information Systems

A spatial role-based authorization framework for sensor network-assisted indoor WLANs

2009

©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. Article also available from publisher: http://dx.doi.org/10.1109/WIRELESSVITAE.2009.5172549

In this paper, we propose a spatial role-based authorization framework which specifies authorization based on both role and location constraints in a wireless local area network with assistance from a sensor network. The framework performs a location-restricted verificati…

business.industry; Computer science; Data security; Permission; law.invention; Resource (project management); law; Server; VDP::Technology: 500::Information and communication technology: 550::Telecommunication: 552; Wi-Fi; Mobile telephony; business; Wireless sensor network; Formal verification; Computer network

2009 1st International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology

SCARKER: A sensor capture resistance and key refreshing scheme for mobile WSNs

2011

How to discover a captured node and to resist node capture attack is a challenging task in Wireless Sensor Networks (WSNs). In this paper, we propose a node capture resistance and key refreshing scheme for mobile WSNs which is based on the Chinese remainder theorem. The scheme is capable of providing forward secrecy, backward secrecy and collusion resistance for diminishing the effects of capture attacks. By implementing our scheme on a Sun SPOT based sensor network testbed, we demonstrate that the time for updating a new group key varies from 56 ms to 546 ms and the energy consumption is limited to 16.5–225 mJ, depending on the length of secret keys and the number of sensors in a group.

business.industry; Computer science; Node (networking); Testbed; Mobile computing; Energy consumption; Sun SPOT; Key distribution in wireless sensor networks; Forward secrecy; Mobile telephony; business; Wireless sensor network; Computer network; Group key

2011 IEEE 36th Conference on Local Computer Networks

Improving Chord Lookup Protocol for P2PSIP-Based Communication Systems

2009

Chord has been suggested as mandatory overlay technology in the future P2PSIP-based communication systems. Chord allows for the available peer/resource lookup in no more than hops, where N is the total number of the peers in the overlay network. However, as a protocol originally designed for background downloading applications, Chord has a few drawbacks when supporting P2PSIP real-time communication systems. These drawbacks are related to ID assignment, the relation between ID and physical location, the routing styles and lack of cache, etc. In this paper, we investigate several approaches that can improve the efficiency of the peer/resource lookup algorithm. After that, we simulate two sys…

business.industry; Computer science; Distributed computing; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Real time communication systems; Overlay network; Overlay; Communications system; Upload; Peer to peer computing; Cache; business; Chord (peer-to-peer); Computer network

2009 International Conference on New Trends in Information and Service Science

FoSBaS: A bi-directional secrecy and collusion resilience key management scheme for BANs

2012

A Body Area Network (BAN) consists of various types of small physiological sensors, transmission modules and low computational components and can thus form an E-health solution for continuous all-day and any-place health monitoring. To protect confidentiality of collected data, a shared group key is usually deployed in a BAN, and consequently a secure communication group is generated. In this paper, we propose a bi-directional security and collusion resilience key management scheme for BAN, referred to as FoSBaS. Detailed analysis shows that the scheme can provide both forward security and backward security and resist collusion attacks. Furthermore, the FoSBaS is implemented on a Sun …

business.industry; Computer science; Node (networking); Testbed; Cryptography; Energy consumption; Sun SPOT; Computer security; computer.software_genre; Secure communication; Forward secrecy; Body area network; Secrecy; Resilience (network); business; Key management; computer; Wireless sensor network; Group key; Computer network

2012 IEEE Wireless Communications and Networking Conference (WCNC)

Privacy-preserving scheme for mobile ad hoc networks

2011

This paper proposes a decentralized trust establishment protocol for mobile ad hoc networks (MANETs), where nodes establish security associations. In order to achieve privacy and security, we use homomorphic encryption and polynomial intersection so as to find the intersection of two sets. The first set represents a list of recommenders of the initiator and the second set is a list of trusted recommenders of the responder. The intersection of the sets represents a list of nodes that recommend the first node and their recommendations are trusted by the second node. In our experimental results we show that our scheme is effective even if there are 30 trusted nodes.

Vehicular ad hoc network; Computer science; Wireless ad hoc network; business.industry; Mobile computing; Cryptography; Mobile ad hoc network; Encryption; QA76; Optimized Link State Routing Protocol; Security association; Reputation system; Computer Science::Networking and Internet Architecture; business; Computer Science::Cryptography and Security; Computer network

2011 IEEE Symposium on Computers and Communications (ISCC)

A Distributed Multi-Authority Attribute Based Encryption Scheme for Secure Sharing of Personal Health Records

2017

Personal health records (PHR) are an emerging health information exchange model, which facilitates PHR owners to efficiently manage their health data. Typically, PHRs are outsourced and stored in third-party cloud platforms. Although outsourcing private health data to third-party platforms is an appealing solution for PHR owners, it may lead to significant privacy concerns, because there is a higher risk of leaking private data to unauthorized parties. As a way of ensuring PHR owners' control of their outsourced PHR data, attribute based encryption (ABE) mechanisms have been considered due to the fact that such schemes facilitate a mechanism of sharing encrypted data among a set of intende…

020205 medical informatics; Revocation; business.industry; Computer science; Internet privacy; Cloud computing; Access control; Health information exchange; 02 engineering and technology; Encryption; Computer security; computer.software_genre; Outsourcing; Scalability; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; Attribute-based encryption; business; computer

Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies

Secure Group Communication Using Fractional Public Keys

2010

Published version of a paper presented at the ARES '10 International Conference on Availability, Reliability, and Security (c) 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Paper also available from the publisher: http://dx.doi.org/10.1109/ARES.2010.13

In this paper, we present the novel concept of fractional public keys and an efficient zero-round multi-party Diffie-Hellman key agreement sc…

VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424; TheoryofComputation_MISCELLANEOUS; Scheme (programming language); business.industry; Computer science; Key space; TheoryofComputation_GENERAL; Cryptography; Public-key cryptography; Symmetric-key algorithm; Communication in small groups; Collusion; business; Key management; computer; Computer network; computer.programming_language

2010 International Conference on Availability, Reliability and Security

Trust-enhanced data integrity model

2012

In this paper we propose an enhancement of the data integrity model. The proposed model is based on the idea of the Biba integrity model but uses more elaborate integrity measurements. Since integrity can be seen as “trustworthiness of data and resources”, we propose to utilize trustworthiness opinions from subjective logic and express levels of integrity as levels of trustworthiness.

Trustworthiness; Computer science; Data integrity; Trusted Computing; Subjective logic; Computer security; computer.software_genre; computer

2012 IEEE 1st International Symposium on Wireless Systems (IDAACS-SWS)

Optimized secure and reliable distributed data storage scheme and performance evaluation in unattended WSNs

2013

Unattended Wireless Sensor Networks (UWSNs), characterized by the absence of real-time communication between sensors and sinks, require sensors to retain data until the next visit of a mobile sink to off-load their data. In such networks, if a sensor is compromised, data accumulated in the sensor are exposed to attackers. In addition, by holding the secret key of the compromised sensor, attackers can also learn post-compromise data accumulated by the sensor. Furthermore, once sensors stop working due to, for instance, node crash or battery depletion, all the accumulated data will be lost. In this paper, we propose a secure and reliable data distribution scheme that addresses these challenges.…

Key distribution in wireless sensor networks; Computer Networks and Communications; Forward secrecy; business.industry; Computer science; Node (networking); Distributed data store; Probabilistic logic; Key (cryptography); business; Wireless sensor network; Computer network

Computer Communications

Intrusion Detection with Interpretable Rules Generated Using the Tsetlin Machine

2020

The rapid deployment of information and communication technologies and internet-based services has made anomaly based network intrusion detection ever so important for safeguarding systems from novel attack vectors. To date, various machine learning mechanisms have been considered to build intrusion detection systems. However, achieving an acceptable level of classification accuracy while preserving the interpretability of the classification has always been a challenge. In this paper, we propose an efficient anomaly based intrusion detection mechanism based on the Tsetlin Machine (TM). We have evaluated the proposed mechanism over the Knowledge Discovery and Data Mining 1999 (KDD’99) …

Artificial neural network; business.industry; Computer science; 0206 medical engineering; Decision tree; 02 engineering and technology; Intrusion detection system; Machine learning; computer.software_genre; Random forest; Support vector machine; Statistical classification; Knowledge extraction; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; Artificial intelligence; business; computer; 020602 bioinformatics; Interpretability

2020 IEEE Symposium Series on Computational Intelligence (SSCI)