AUTHOR
Vladimir A. Oleshchuk
Access Security and Personal Privacy in Public Cellular Communication Systems: The Past, the Present and Beyond 2020
In order to predict the future one needs to understand the past and then interpolate as best as possible. We expect this to work reasonably well for a “2020 Scenario”, but we do not expect this approach to be valid for a “Beyond 2020” scenario.
An attribute based access control scheme for secure sharing of electronic health records
Electronic health records (EHRs) play a vital role in modern health industry, allowing the possibility of flexible sharing of health information in the quest of provisioning advanced and efficient healthcare services for the users. Although sharing of EHRs has significant benefits, given that such records contain lot of sensitive information, secure sharing of EHRs is of paramount importance. Thus, there is a need for the realization of sophisticated access control mechanisms for secure sharing of EHRs, which has attracted significant interest from the research community. The most prominent access control schemes for sharing of EHRs found in literature are role based and such solutions have…
A novel policy-driven reversible anonymisation scheme for XML-based services
Author's version of an article in the journal: Information Systems. Also available from the publisher at: http://dx.doi.org/10.1016/j.is.2014.05.007 This paper proposes a reversible anonymisation scheme for XML messages that supports fine-grained enforcement of XACML-based privacy policies. Reversible anonymisation means that information in XML messages is anonymised, however the information required to reverse the anonymisation is cryptographically protected in the messages. The policy can control access down to octet ranges of individual elements or attributes in XML messages. The reversible anonymisation protocol effectively implements a multi-level privacy and security based approach, s…
Trust-enhanced intelligent security model
In this paper we propose a trust-enhancement of access control to protect both integrity and confidentiality based on trustworthiness of users performing operations and documents' content analysis. We propose to utilize trustworthiness opinions from subjective logic and express levels of integrity as levels of trustworthiness. We assign confidentiality levels based on contents of documents and use opinions to express trustworthiness of such assignments.
An improvement of the batch-authentication and key agreement framework for P2P-based online social networks
Batch authentication is the way to authenticate multiple users simultaneously to provide better efficiency. In [1], three batch authentication protocols are proposed based on different primitives, to provide simultaneous authentication of multiple users in online social networks (OSNs). In this paper, we briefly introduce the original protocols, describe their security vulnerabilities and related attacks, and propose modifications to make them secure again.
Trust-aware RBAC
Published version of a chapter in the book: Computer Network Security. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-642-33704-8_9 In this paper we propose a trust-aware enhancement of RBAC (TA-RBAC) that takes trustworthiness of users into consideration explicitly before granting access. We assume that each role in the framework is associated with an expression that describes the trustworthiness of subjects required to be able to activate the role, and each subject (user) has an assigned trustworthiness level in the system. By adding trustworthiness constraints to roles we enhance the system, for example, with more flexible ability to delegate roles, to control reading/updating…
The Design of Secure and Efficient P2PSIP Communication Systems
Recently, both academia and industry have initiated research projects directed on integration of P2PSIP paradigm into communication systems. In this paradigm, P2P network stores most of the network information among participating peers without help of the central servers. The concept of self-configuration, self-establishment greatly improves the robustness of the network system compared with the traditional Client/Server based systems. In this paper, we propose a system architecture for constructing efficient and secure P2PSIP communication systems. The proposed approach includes three-layer hierarchical overlay division, peer identifier assignment, cache based efficiency enhancement, proxy…
A Dynamic Attribute-Based Authentication Scheme
Attribute-based authentication (ABA) is an approach to authenticate users by their attributes, so that users can get authenticated anonymously and their privacy can be protected. In ABA schemes, required attributes are represented by attribute trees, which can be combined with signature schemes to construct ABA schemes. Most attribute trees are built from top to down and can not change with attribute requirement changes. In this paper, we propose an ABA scheme based on down-to-top built attribute trees or dynamic attribute trees, which can change when attribute requirements change. Therefore, the proposed dynamic ABA scheme is more efficient in a dynamic environment by avoiding regenerating…
Automatic evaluation of information provider reliability and expertise
Published version of an article in the journal: World Wide Web. Also available from the publisher at: http://dx.doi.org/10.1007/s11280-013-0249-x Q&A social media have gained a lot of attention during the recent years. People rely on these sites to obtain information due to a number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradicting answers, causing an ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. These two attributes (reliability and expertise) significantly affect the quality o…
Privacy Violation Classification of Snort Ruleset
Published version of a paper presented at the 2010 18th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). (c) 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Paper also available from the publisher: http://dx.doi.org/10.1109/PDP.2010.87 It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules, in order to understand a…
A Novel Approach to Improve the Accuracy of Web Retrieval
General purpose search engines utilize a very simple view on text documents: They consider them as bags of words. It results that after indexing, the semantics of documents is lost. In this paper, we introduce a novel approach to improve the accuracy of Web retrieval. We utilize the WordNet and WordNet SenseRelate All Words Software as main tools to preserve the semantics of the sentences of documents and user queries. Nouns and verbs in the WordNet are organized in the tree hierarchies. The word meanings are presented by numbers that reference to the nodes on the semantic tree. The meaning of each word in the sentence is calculated when the sentence is analyzed. The goal is to put each nou…
Decision-cache based XACML authorisation and anonymisation for XML documents
Author's version of an article in the journal: Computer Standards and Interfaces. Also available from the publisher at: http://dx.doi.org/10.1016/j.csi.2011.10.007 This paper describes a decision cache for the eXtensible Access Control Markup Language (XACML) that supports fine-grained authorisation and anonymisation of XML based messages and documents down to XML attribute and element level. The decision cache is implemented as an XACML obligation service, where a specification of the XML elements to be authorised and anonymised is sent to the Policy Enforcement Point (PEP) during initial authorisation. Further authorisation of individual XML elements according to the authorisation specifi…
Constraints validation in privacy-preserving attribute-based access control
Attribute-Based Access Control (ABAC) has been found to be extremely useful and flexible and has drawn a lot of research in recent years. It was observed that in the context of new emerging applications, attributes play an increasingly important role both in defining and enforcing more elaborated and flexible security policies. Recently, NIST has proposed more formal definition of ABAC. In this paper we discuss a general privacy-preserving ABAC model (which combines both authentication and authorization) and propose an approach to handle constraints in such privacy preserving setting.
Security Enhancement of Peer-to-Peer Session Initiation
Today, Peer-to-Peer SIP based communication systems have attracted much attention from both the academia and industry. The decentralized nature of P2P might provide the distributed peer-to-peer communication system without help of the traditional SIP server. However, the decentralization features come to the cost of the reduced manageability and create new concerns. Until now, the main focus of research was on the availability of the network and systems, while few attempts are put on protecting privacy. In this chapter, we investigate on P2PSIP security issues and introduce two enhancement solutions: central based security and distributed trust security, both of which have their own advanta…
Patents as innovation indicators: A comparative analysis of 3 different industries in 4 Nordic countries in the period 1996 to 2005
Using the USPTO (US Patent & Trademark Office) patent database, which contains all US patents and design protections, an analysis has been carried out with the aim of comparing patenting activity in Norway, Denmark, Sweden and Finland for the following three industries: Refrigeration technology, Offshore technology, and Telecommunications. The goal of this investigation is a study of: • Indicators of technological development and innovation. • Patents used as innovation indicators. • Patenting activity in three different industries/patent classes in four different countries. From the analysis the following can be summarised: • Patent statistics, by counting the number of patents, are used to assess the extent of patenting…
Privacy handling for critical information infrastructures
This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identif…
An Efficient Multi-Show Unlinkable Attribute Based Credential Scheme for a Collaborative E-Health Environment
Modern electronic healthcare (e-health) systems constitute collaborative environments in which patients' private health data are shared across multiple domains. In such environments, patients' privacy can be violated through the linkability of different user access sessions over patient health data. Therefore, enforcing anonymous as well as multi-session unlinkable access for the users in e-health systems is of paramount importance. As a way of achieving this requirement, more emphasis has been given to anonymous attribute credentials, which allows a user to anonymously prove the ownership of a set of attributes to a verifier and thereby gain access to protected resources. Among the existin…
A secure architecture for P2PSIP-based communication systems
Today, Peer-to-Peer SIP based communication systems have attracted much attention from both academia and industry. The decentralized nature of P2P might provide the distributed peer-to-peer communication system without help of the traditional SIP server. However, it comes to the cost of reduced manageability and therefore causes security problems, e.g. distrust, privacy leaks, unpredictable availability, etc. In this paper, we investigate on P2PSIP security issues and propose a proxy-based system architecture that improves security during P2PSIP session initiation. The main issues considered in this architecture include Source inter-working, Encryption & Decryption, Policy Management, Desti…
Design Requirements for a Patient Administered Personal Electronic Health Record
Published version of a chapter in the book: Biomedical engineering, trends in electronics, communications and software. Intech, 2011 Open Access
Formal Analysis and Model Checking of a Group Authentication Protocol by Scyther
Scyther [1] is designed to check the security and vulnerabilities of security protocols. In this paper, we use Scyther to analyze two discrete logarithm problem (DLP) based group authentication protocols proposed in [2]. These two protocols are claimed to satisfy several security requirements, but only part of them have been checked because of the properties and limitations of Scyther. Some positive results have been gained and show that the protocols provide mutual authentication and implicit key authentication and are secure against impersonation attack. An important innovation in this paper is that we have extended the expressing ability of Scyther by giving some reasonable assumption du…
Security in Mobile Wireless Sensor Networks – A Survey
Published version of an article in the journal: Journal of Communications. Also available from the publisher at: http://dx.doi.org/10.4304/jcm.6.2.128-142. OA Thanks to recent advances in robotics, sensors and wireless communications, it is feasible to develop a variety of new architectures for Mobile Wireless Sensor Networks (MWSNs) that play an important role in various applications such as battlefield surveillance, harbor monitoring, etc. However, due to the dynamic of mobile network topology in MWSNs, many new security challenges have emerged. In this article, we give a survey on the state of the art technologies in security aspects of MWSNs. We review existing work that provides securi…
Information Security and Privacy in Medical Application Scenario
This chapter discusses security and privacy aspects for a medical application scenario. The chapter analyzes what kind of security and privacy enforcements would be needed and how they can be achieved by technological means. The authors reviewed cryptographic mechanisms and solutions that can be useful in this context.
Security and privacy in the cloud a long-term view
In this paper we analyze security and privacy aspects of the cloud. We take a long-term view since the scope of privacy is potentially the lifetime of the privacy subject. We investigate trust issues and privacy aspects for cloud service users, using subjective logic as a primary tool. We also present promising solution for credible privacy in a cloud environment.
SLFTD: A Subjective Logic Based Framework for Truth Discovery
Finding truth from various conflicting candidate values provided by different data sources is called truth discovery, which is of vital importance in data integration. Several algorithms have been proposed in this area, which usually have similar procedure: iteratively inferring the truth and provider’s reliability on providing truth until converge. Therefore, an accurate provider’s reliability evaluation is essential. However, no work pays attention to “how reliable this provider continuously providing truth”. Therefore, we introduce subjective logic, which can record both (1) the provider’s reliability of generating truth, and (2) reliability of provider continuously doing so. Our propose…
A novel scheme for privacy preserving in RBAC
Role Based Access Control (RBAC) Model has been proved to be quite useful and has drawn a lot of research interest over the last fifteen years. In this paper we discuss general context-aware RBAC model. We analyze potential privacy threats associated with use of context-aware RBAC and propose a novel scheme that provides privacy-preserving for access models based on RBAC.
PRIvacy LEakage Methodology (PRILE) for IDS Rules
This paper introduces a methodology for evaluating PRIvacy LEakage in signature-based Network Intrusion Detection System (IDS) rules. IDS rules that expose more data than a given percentage of all data sessions are defined as privacy leaking. Furthermore, it analyses the IDS rule attack specific pattern size required in order to keep the privacy leakage below a given threshold, presuming that occurrence frequencies of the attack pattern in normal text are known. We have applied the methodology on the network intrusion detection system Snort’s rule set. The evaluation confirms that Snort in its default configuration aims at not being excessively privacy invasive. However we have identified s…
Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context
Published version of an article from the journal: Wireless Personal Communications. The original publication is available at SpringerLink. http://dx.doi.org/10.1007/s11277-010-0069-6 The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mob…
Secure and efficient data storage in unattended wireless sensor networks
©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. Article also available from publisher: http://dx.doi.org/10.1109/NTMS.2009.5384753 Providing forward and backward secrecy is still a big challenge in Unattended Wireless Sensor Networks (UWSNs), though some storage schemes have been proposed. Additionally, high storage requirement needs efficient storage techniques. In this paper, we propose a novel homomorphic…
Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions
In the last few decades, there have been significant efforts in integrating information and communication technologies (ICT) into healthcare practices. This new paradigm commonly identified as electronic healthcare (e-health) allows provisioning of healthcare services at an affordable price to its consumers. However, there have been questions raised about the security of the sensitive information such as health records as well as the privacy of involving parties raising doubts on the minds of the general public. Thus, it is important to understand the potential security challenges in e-health systems and successfully resolve them by taking adequate measures to ensure fair utilization of suc…
Mobile Security with Location-Aware Role-Based Access Control
Published version of an article from the book: Security and privacy in mobile information and communication systems. Also available on SpringerLink: http://dx.doi.org/10.1007/978-3-642-30244-2_15 This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC c…
Two tiered privacy enhanced intrusion detection system architecture
The paper describes an architecture for privacy-enhanced intrusion detection systems, that separates privacy-invasive and privacy-preserving operations. This can be useful in cases where less sensitive network monitoring is outsourced to a third party and more sensitive network monitoring operations and data forensics are performed in-house or by law enforcement agencies.
An Anonymous Delegatable Attribute-based Credential Scheme for a Collaborative E-health Environment
We propose an efficient anonymous, attribute-based credential scheme capable of provisioning multi-level credential delegations. It is integrated with a mechanism to revoke the anonymity of credentials for resolving access disputes and making users accountable for their actions. The proposed scheme has a lower end-user computational complexity in comparison to existing credential schemes with delegatability and has a comparable level of performance with the credential standards of U-Prove and Idemix. Furthermore, we demonstrate how the proposed scheme can be applied to a collaborative e-health environment to provide its users with the necessary anonymous access with delegation capabilities.
Trust-based framework for security enhancement of P2PSIP communication systems
Today, Peer-to-Peer SIP based communication systems have attracted much attention from both academia and industry. The decentralized nature of P2P might provide the distributed peer-to-peer communication system without help of the traditional SIP server. However, it comes to the cost of reduced trustworthiness and may cause security problems, e.g. privacy leaks, unpredictable availability, etc. In this paper, we investigate on P2PSIP security issues and propose a subjective based trust model that offers trust services during P2PSIP session establishment. The main issues considered in this model include opinion calculation, opinion maintenance, data confidentiality and integrity, message rou…
A Scheme for Secure and Reliable Distributed Data Storage in Unattended WSNs
Unattended Wireless Sensor Networks (UWSNs) operated in hostile environments face a risk on data security due to the absence of real-time communication between sensors and sinks, which imposes sensors to accumulate data till the next visit of a mobile sink to off-load the data. Thus, how to ensure forward secrecy, backward secrecy and reliability of the accumulated data is a great challenge. For example, if a sensor is compromised, pre-compromise data accumulated in the sensor is exposed to access. In addition, by holding key secrecy of the compromised sensor, attackers also can learn post-compromise data in the sensor. Furthermore, in practical UWSNs, once sensors stop working for accident…
A Patient-Centric Attribute Based Access Control Scheme for Secure Sharing of Personal Health Records Using Cloud Computing
Personal health records (PHR) are an emerging health information exchange model, which facilitates PHR owners to efficiently share their private health data among a variety of users including healthcare professionals as well as family and friends. PHRs are usually outsourced and stored in third-party cloud platforms which relieves PHR owners from the burden of managing their PHR data while achieving better availability of health data. However, outsourcing private health data raises significant privacy concerns because there is a higher risk of leaking health information to unauthorized parties. To ensure PHR owners' control of their outsourced PHR data, attribute based encryption (ABE) mech…
Ontology-based service matching and discovery
In this paper we consider ontologies as knowledge structures that specify attributes of services, their properties and relations among them to enable finding semantic similarity between service descriptions and service requests. Ontologies reflect semantic relationship between concepts represented by attributes in service descriptions and service requests. We use knowledge from ontologies to enhance the both user service requests and service descriptions by adding concepts that are not presented in the original descriptions, and use them in comparison process. It results in more precise matching since we consider also implicit concepts. Thus services and requests that do not contain exact m…
Semantic retrieval: an approach to representing, searching and summarising text documents
Nowadays, the internet is the major source of information for millions of people. There are many search tools available on the net but finding appropriate text information is still difficult. The retrieval efficiency of the presently used systems cannot be significantly improved: ‘bag of words’ interpretation causes losing semantics of texts. We applied the functional approach to represent English text documents. It allows taking into account semantic relations between words when indexing documents and use ordinary English sentences as queries to a search engine. The proposed retrieval mechanisms return only highly relevant documents. They make it possible to generate content-aware summarie…
Attribute based access control scheme with controlled access delegation for collaborative E-health environments
Modern electronic healthcare (e-health) settings constitute collaborative environments with complex access requirements. Thus, there is a need for sophisticated fine-grained access control mechanisms to cater these access demands and thereby experience the full potential of e-health systems. In order to realize a flexible access control scheme, integrating access delegation is of paramount importance. However, access delegation has to be enforced in a controlled manner so that it will not jeopardize the security of the system. In this paper, we addressed this issue through proposing an attribute based access control scheme integrated with controlled access delegation capabilities. …
Internet of things and privacy preserving technologies
In this paper we consider different approaches to technological protection of users' privacy in the world of internet of things. Particularly, we consider what kind of problems and which level of protection can be achieved by applying approaches using secure multi-party computations.
A survey on peer-to-peer SIP based communication systems
Published version of an article from the journal: Peer-to-Peer Networking and Applications. The original publication is available at SpringerLink. http://dx.doi.org/10.1007/s12083-009-0064-4 Recently, both academia and industry have initiated research projects directed on integration of P2PSIP paradigm into communication systems. In this paradigm, P2P network stores most of the network information on each participating peer without help of the central servers. The concept of self-configuration, self-establishment greatly improves the robustness of the network system compared with the traditional Client/Server based systems. In this paper, we survey P2PSIP solutions proposed recently both in …
New client puzzle approach for DoS resistance in ad hoc Networks
In this paper we propose a new client puzzle approach to prevent Denial of Service (DoS) attacks in ad hoc networks. Each node in the network first solves a computational problem and with the solution has to create and solve a client puzzle. By combining computational problems with puzzles, we improve the efficiency and latency of the communicating nodes and resistance in DoS attacks. Experimental results show the effectiveness of our approach.
Towards Risk-aware Access Control Framework for Healthcare Information Sharing
A general framework for group authentication and key exchange protocols
Published version of a chapter in the book: Foundations and Practice of Security. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-319-05302-8_3 In this paper, we propose a novel framework for group authentication and key exchange protocols. There are three main advantages of our framework. First, it is a general one, where different cryptographic primitives can be used for different applications. Second, it works in a one-to-multiple mode, where a party can authenticate several parties mutually. Last, it can provide several security features, such as protection against passive adversaries and impersonate attacks, implicit key authentication, forward and backward securi…
Secure interworking with P2PSIP and IMS
In this paper, we propose a secure system model for interconnection between P2PSIP and IMS domains. The interworking solution is based on P2P-IMS GateWay (PIGW), which acts as a normal peer in P2PSIP network and a 3rd party IMS Application Server (AS) in IMS network. The security is achieved by implementing Chord Secure Proxy (CSP) and enhanced with subjective logic based trust model. We also implement this system model and analyze it in several aspects: number of hops and delay, trust improvement and protection against malicious or compromised intermediate peers. We conclude that the proposed architecture is feasible and improves security. As far as we know our research is the first study …
Blockchain Based Delegatable Access Control Scheme for a Collaborative E-Health Environment
Modern electronic healthcare (e-health) settings constitute collaborative environments requiring sophisticated fine-grained access control mechanisms to cater their access demands. Access delegatability is quite crucial to realize fine-grained, flexible access control schemes compatible with such environments. In this paper, we addressed this issue through proposing an attribute based access control scheme integrated with controlled access delegation capabilities suitable for a multi-domain e-health environment. We have utilized the blockchain technology to manage attribute assignments, delegations as well as revocations. The scheme enables delegations in a controlled manner without jeopard…
Message from the Advanced Seminar Co-chairs
A Cognitive-based scheme for user reliability and expertise assessment in Q&A social networks
Q&A social media has gained a great deal of attention during recent years. People rely on these sites to obtain information due to the number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradictory answers, causing ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. In this work, we propose a novel approach for estimating the reliability and expertise of a user based on human cognitive traits. Every user can individually estimate these values based on local pairwise interactions. We examine…
Remote Patient Monitoring Within a Future 5G Infrastructure
Published version of an article from the journal: Wireless Personal Communications. The original publication is available at SpringerLink. http://dx.doi.org/10.1007/s11277-010-0078-5 Systems of wearable or implantable medical devices (IMD), sensor systems for monitoring and transmitting physiological recorded signals, will in future health care services be used for purposes of remote monitoring. Today, there exist several constraints, probably preventing the adoption of such services in clinical routine work. Within a future 5G infrastructure, new possibilities will be available due to improved addressing solutions and extended security services in addition to higher bandwidth in the wireles…
An Efficient, Robust, and Scalable Trust Management Scheme for Unattended Wireless Sensor Networks
Unattended Wireless Sensor Networks (UWSNs) are characterized by long periods of disconnected operation and fixed or irregular intervals between visits by the sink. The absence of an online trusted third party, i.e., an on-site sink, makes existing trust management schemes used in legacy wireless sensor networks not applicable to UWSNs directly. In this paper, we propose a trust management scheme for UWSNs to provide efficient, robust and scalable trust data storage. For trust data storage, we employ geographic hash table to efficiently identify data storage nodes and to significantly reduce storage cost. We demonstrate, through detailed analyses and extensive simulations, that the proposed…
Secure and Privacy Preserving Pattern Matching in Distributed Cloud-based Data Storage
Given two strings: pattern $p$ of length $m$ and text $t$ of length $n$. The string matching problem is to find all (or some) occurrences of the pattern $p$ in the text $t$. We introduce a new simple data structure, called index arrays, and design a fast privacy-preserving matching algorithm for string matching. The motivation behind introducing index arrays is determined by the need for pattern matching on distributed cloud-based datasets with semi-trusted cloud providers. It is intended to use encrypted index arrays both to improve performance and protect confidentiality and privacy of user data.
A distributed data storage and retrieval scheme in unattended WSNs using Homomorphic Encryption and secret sharing
Many data storage schemes have been proposed in the past for keeping dependable data storage, but they are not designed for Unattended Wireless Sensor Networks (UWSNs). When applying these schemes to UWSNs, most of them have limitations such as high storage requirement, transmission cost, and not resilient to a large number of node compromises. To address the problem of data storage, transmission cost, and resilience of node compromise in UWSNs, we propose a novel Homomorphic Encryption and Homomorphic Secret Sharing based scheme (HEHSS) to accomplish the goals of confidentiality, resilience to node compromises, reliability, and efficiency of storage and transmission. Our scheme exploits th…
An efficient Chinese remainder theorem based node capture resilience scheme for Mobile WSNs
Node capture attack is a critical issue in Mobile WSNs where attacker-controlled replicas may act maliciously. In this paper, we present a novel Chinese remainder theorem based node capture resilience scheme that can be utilized to discover and revoke captured nodes. Moreover, our scheme can limit the ability of captured nodes to further compromise forward security, backward security, and launch collusion attacks. Detailed analysis shows that our scheme indeed achieves the expected design goals.
Trust enhancement of P2PSIP communication systems
Today, peer-to-peer (P2P) session initiation protocol (SIP)-based communication systems have attracted much attention from both academia and industry. The decentralised nature of P2P might provide the distributed P2P communication system without help of the traditional SIP server. However, it comes to the cost of reduced trustworthiness and may cause security problems, e.g., privacy leaks, unpredictable availability, etc. In this paper, we investigate P2PSIP security issues and propose a subjective logic-based trust model that offers trust-based security services during P2PSIP session establishment. The main issues considered in this model include opinion calculation, opinion maintenance, d…
Traceable hierarchical attribute-based authentication for the cloud
When data owners store their data on cloud servers, they may want to define the access requirements themselves, where attribute-based authentication (ABA) can be a good choice for the solution. In this paper, we propose a traceable hierarchical ABA (HABA) solution which fits two situations in the cloud. The first situation is when cloud users are organized in groups of a hierarchical structure and the access allowance can only be granted to users in a specific group. The second situation is that attributes are organized in a hierarchical structure with different priorities, such that only users who own the required attributes of a specific priority can be authenticated and access the data. …
Enforcing mobile security with location-aware role-based access control
This paper describes how location-aware role-based access control (RBAC) can be implemented on top of the Geospatial eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations, which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location-dependent access control and also other security enhancing solutions on mobile devices, such as location-dependent device locking, firewall, intrusion prevention or payment…
An Efficient Traceable Attribute-Based Authentication Scheme with One-Time Attribute Trees
Attribute-based authentication (ABA) is a way to authenticate signers by means of attributes and it requests proof of possessing required attributes from the one to be authenticated. To achieve the property of traceability, required attributes should be combined with the signer’s attribute private keys in order to generate a signature. In some schemes, signers’ attribute keys are related to attribute trees, so changing attribute trees will cause the regeneration of all related attribute keys. In this paper, we propose an efficient traceable ABA scheme, where the generation of signers’ attribute keys is independent from attribute trees. Thus the same set of attribute keys can be used with a …
Context-aware summary generation for Web pages
General purpose search engines provide users with lists of retrieved documents in response to their queries. The common structure of list elements includes the title of a document, its URL, and small snippet from the text. Snippets are evidence of occurrences of query's keywords in the document. The length of each snippet is just a couple of lines. They cannot play a role of summaries of retrieved documents: In many cases, they are not indicative and users cannot judge on the relevancy of documents. In our approach we use ontology as context description and that ontology will be used to describe user's main interest with respect to wanted summary and help to select weighting of key words an…
Collaborative Assessment of Information Provider's Reliability and Expertise Using Subjective Logic
QA each user can individually estimate the expertise and the reliability of her peers using her direct interactions with them and our framework. The online SN (OSN), which can be considered as a distributed database, performs continuous data aggregation for users' expertise and reliability assessment in order to reach a consensus. We emulate a Q&A SN to examine various performance aspects of our algorithm (e.g., convergence time, responsiveness etc.). Our evaluations indicate that it can accurately assess the reliability and the expertise of a user with a small number of samples and can successfully react to the latter's behavior change, provided that the cognitive traits hold in practice.
A trust-based security enforcement in disruption-tolerant networks
We propose an approach to enforce security in disruption- and delay-tolerant networks (DTNs) where long delays, high packet drop rates, unavailability of a central trusted entity etc. make traditional approaches unfeasible. We use a trust model based on subjective logic to continuously evaluate the trustworthiness of security credentials issued in a distributed manner by network participants to deal with the absence of centralised trusted authorities.
PLC security and critical infrastructure protection
Programmable Logic Controllers (PLCs) are the most important components embedded in Industrial Control Systems (ICSs). ICSs have achieved highest standards in terms of efficiency and performance. As a result of that, higher portion of infrastructure in industries has been automated for the comfort of human beings. Therefore, protection of such systems is crucial. It is important to investigate the vulnerabilities of ICSs in order to solve the threats and attacks against critical infrastructure to protect human lives and assets. PLC is the basic building block of an ICS. If PLCs are exploited, overall system will be exposed to the threat. Many believed that PLCs are secured devices due to it…
A spatial role-based authorization framework for sensor network-assisted indoor WLANs
©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. Article also available from publisher: http://dx.doi.org/10.1109/WIRELESSVITAE.2009.5172549 In this paper, we propose a spatial role-based authorization framework which specifies authorization based on both role and location constraints in a wireless local area network with assistance from a sensor network. The framework performs a location-restricted verificati…
SCARKER: A sensor capture resistance and key refreshing scheme for mobile WSNs
How to discover a captured node and to resist node capture attack is a challenging task in Wireless Sensor Networks (WSNs). In this paper, we propose a node capture resistance and key refreshing scheme for mobile WSNs which is based on the Chinese remainder theorem. The scheme is capable of providing forward secrecy, backward secrecy and collusion resistance for diminishing the effects of capture attacks. By implementing our scheme on a Sun SPOT based sensor network testbed, we demonstrate that the time for updating a new group key varies from 56 ms to 546 ms and the energy consumption is limited to 16.5–225 mJ, depending on the length of secret keys and the number of sensors in a group.
Improving Chord Lookup Protocol for P2PSIP-Based Communication Systems
Chord has been suggested as mandatory overlay technology in the future P2PSIP-based communication systems. Chord allows for the available peer/resource lookup in no more than hops, where N is the total number of the peers in the overlay network. However, as a protocol originally designed for background downloading applications, Chord has a few drawbacks when supporting P2PSIP real-time communication systems. These drawbacks are related to ID assignment, the relation between ID and physical location, the routing styles and lack of cache, etc. In this paper, we investigate several approaches that can improve the efficiency of the peer/resource lookup algorithm. After that, we simulate two sys…
FoSBaS: A bi-directional secrecy and collusion resilience key management scheme for BANs
Body Area Network (BAN) consists of various types of small physiological sensors, transmission modules and low computational components and can thus form an E-health solution for continuous all-day and any-place health monitoring. To protect confidentiality of collected data, a shared group key is usually deployed in a BAN, and consequently a secure communication group is generated. In this paper, we propose a bi-directional security and collusion resilience key management scheme for BAN, referred to as FoSBaS. Detailed analysis shows that the scheme can provide both forward security and backward security and resist against collusion attacks. Furthermore, the FoSBaS is implemented on a Sun …
Privacy-preserving scheme for mobile ad hoc networks
This paper proposes a decentralized trust establishment protocol for mobile ad hoc networks (MANETs), where nodes establish security associations. In order to achieve privacy and security, we use homomorphic encryption and polynomial intersection so as to find the intersection of two sets. The first set represents a list of recommenders of the initiator and the second set is a list of trusted recommenders of the responder. The intersection of the sets represents a list of nodes that recommend the first node and their recommendations are trusted by the second node. In our experimental results we show that our scheme is effective even if there are 30 trusted nodes.
A Distributed Multi-Authority Attribute Based Encryption Scheme for Secure Sharing of Personal Health Records
Personal health records (PHR) are an emerging health information exchange model, which facilitates PHR owners to efficiently manage their health data. Typically, PHRs are outsourced and stored in third-party cloud platforms. Although, outsourcing private health data to third-party platforms is an appealing solution for PHR owners, it may lead to significant privacy concerns, because there is a higher risk of leaking private data to unauthorized parties. As a way of ensuring PHR owners' control of their outsourced PHR data, attribute based encryption (ABE) mechanisms have been considered due to the fact that such schemes facilitate a mechanism of sharing encrypted data among a set of intende…
Secure Group Communication Using Fractional Public Keys
Published version of a paper presented at the ARES '10 International Conference on Availability, Reliability, and Security (c) 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Paper also available from the publisher: http://dx.doi.org/10.1109/ARES.2010.13 In this paper, we present the novel concept of fractional public keys and an efficient zero-round multi-party Diffie-Hellman key agreement sc…
Trust-enhanced data integrity model
In this paper we propose an enhancement of data integrity model. The proposed model is based on the idea of Biba integrity model but uses more elaborated integrity measurements. Since integrity can be seen as “trustworthiness of data and resources”, we propose to utilize trustworthiness opinions from subjective logic and express levels of integrity as levels of trustworthiness.
Optimized secure and reliable distributed data storage scheme and performance evaluation in unattended WSNs
Unattended Wireless Sensor Networks (UWSNs), characterized by the absence of real-time communication between sensors and sinks, impose sensors to retain data till the next visit of a mobile sink to off-load their data. In such networks, if a sensor is compromised, data accumulated in the sensor are exposed to attackers. In addition, by holding the secret key of the compromised sensor, attackers can also learn post-compromise data accumulated by the sensor. Furthermore, once sensors stop working due to, for instance, node crash or battery depletion, all the accumulated data will be lost. In this paper, we propose a secure and reliable data distribution scheme that addresses these challenges.…
Intrusion Detection with Interpretable Rules Generated Using the Tsetlin Machine
The rapid deployment in information and communication technologies and internet-based services have made anomaly based network intrusion detection ever so important for safeguarding systems from novel attack vectors. To this date, various machine learning mechanisms have been considered to build intrusion detection systems. However, achieving an acceptable level of classification accuracy while preserving the interpretability of the classification has always been a challenge. In this paper, we propose an efficient anomaly based intrusion detection mechanism based on the Tsetlin Machine (TM). We have evaluated the proposed mechanism over the Knowledge Discovery and Data Mining 1999 (KDD’99) …