Biblio

Security and confidentiality of big data stored in the cloud are important concerns for many organizations to adopt cloud services. One common approach to address the concerns is client-side encryption where data is encrypted on the client machine before being stored in the cloud. Having encrypted data in the cloud, however, limits the ability of data clustering, which is a crucial part of many data analytics applications, such as search systems. To overcome the limitation, in this paper, we present an approach named ClustCrypt for efficient topic-based clustering of encrypted unstructured big data in the cloud. ClustCrypt dynamically estimates the optimal number of clusters based on the statistical characteristics of encrypted data. It also provides clustering approach for encrypted data. We deploy ClustCrypt within the context of a secure cloud-based semantic search system (S3BD). Experimental results obtained from evaluating ClustCrypt on three datasets demonstrate on average 60% improvement on clusters' coherency. ClustCrypt also decreases the search-time overhead by up to 78% and increases the accuracy of search results by up to 35%.

Internet of Things is the newfound information architecture based on the Internet that develops interactions between objects and services in a secure and reliable environment. As the availability of many smart devices rises, secure and scalable mass storage systems for aggregate data is required in IoTs applications. In this paper, we propose a new method for storing aggregate data in IoTs by use of ( t, n) -threshold secret sharing scheme in the cloud storage. In this method, original data is divided into t blocks that each block is considered as a share. This method is scalable and traceable, i.e., new data can be inserted or part of original data can be deleted, without changing shares, also cloud service providers' fault in sending invalid shares are detectable.

Recent years have seen an increased interest in digital wallets for a multitude of use cases including online banking, cryptocurrency, and digital identity management. Digital wallets play a pivotal role in the secure management of cryptographic keys and credentials, and for providing certain identity management services. In this paper, we examine a proof-of-concept digital wallet in the context of Self-Sovereign Identity and provide a practical decentralized key recovery solution using Shamir's secret sharing scheme and Hyperledger Indy distributed ledger technology.

Variable N-parallel code-shift-keying (VN-CSK) system has been proposed for solving the dimming control problem and the adjacent illumination light interference in illumination light communication. VN-CSK system only focuses on separating the light signal in the illumination light overlapping area. While, it is considerable to transmit a new data using the light overlapping. Visual secret sharing (VSS) scheme is a kind of secret sharing scheme, which distributes the secret data for security and restore by overlapping. It has high affinity to visible light communication. In this paper, a system combined with visible light communication and (2,2)-VSS scheme is proposed. In the proposed system, a modified pseudo orthogonal M-sequence is used that the occurrence probability of 0 and 1 of share is one-half in order to achieve a constant illuminance. In addition, this system use Modified Pseudo-Orthogonal M-sequence(MPOM) for ensuring the lighting function. The bit error rate performance of the proposed system is evaluated under the indoor visible light communication channel by simulation.

Research into the established area of ITS is evolving into the Internet of Vehicles (IoV), itself a fast-moving research area, fuelled in part by rapid changes in computing and communication technologies. Using pseudonym certificate is a popular way to address privacy issues in IoV. Therefore, the certificate management scheme is considered as a feasible technique to manage system and maintain the lifecycle of certificate. In this paper, we propose an efficient pseudonym certificate management scheme in IoV. The Blockchain concept is introduced to simplify the network structure and distributed maintenance of the Certificate Revocation List (CRL). The proposed scheme embeds part of the certificate revocation functions within the security and privacy applications, aiming to reduce the communication overhead and shorten the processing time cost. Extensive simulations and analysis show the effectiveness and efficiency of the proposed scheme, in which the Blockchain structure costs fewer network resources and gives a more economic solution to against further cybercrime attacks.

Millions of news are being exchanged daily among people. With the appearance of the Internet, the way of broadcasting news has changed and become faster, however it caused many problems. For instance, the increase in the speed of broadcasting news leads to an increase in the speed of fake news creation. Fake news can have a huge impression on societies. Additionally, the existence of a central entity, such as news agencies, could lead to fraud in the news broadcasting process, e.g. generating fake news and publishing them for their benefits. Since Blockchain technology provides a reliable decentralized network, it can be used to publish news. In addition, Blockchain with the help of decentralized applications and smart contracts can provide a platform in which fake news can be detected through public participation. In this paper, we proposed a new method for sharing and analyzing news to detect fake news using Blockchain, called SANUB. SANUB provides features such as publishing news anonymously, news evaluation, reporter validation, fake news detection and proof of news ownership. The results of our analysis show that SANUB outperformed the existing methods.

The main searching functions realized by searchable encryption can be divided into searching using one query and searching using multiple queries. Searchable encryption using one query has been widely studied and researched; however, few methods of searchable encryption can accommodate search using multiple queries. In addition, most of the method proposed thus far utilize the concept of index search. Therefore, a new problem exists, in which an additional process of updating or deleting an index when new documents are added or removed is required. Hence, the overall computation cost increases. Another problem is that a document that is not registered in the index cannot be searched. Therefore, herein, using a secret-sharing scheme that is known to offer a low computational cost, we propose a method that can realize both logical conjunctive (AND) and logical disjunctive (OR) search over multiple conditions, without the construction of any index. Hence, we can realize direct searching over sentences, thus achieving a more efficient search method.

The paper considers data security issues in vehicle-to-infrastructure communications, where vehicles stream data to a road side unit. We assume aggregated data in road side units can be stored or used for data analytics. In this environment, there are issues in regards to the scalability of key management and computation limitations at the edge of the network. To address these issues, we suggest the formation of groups in the vehicle layer, where a group leader is assigned to communicate with group devices and the road side unit. We propose a lightweight permutation mechanism for preserving the confidentiality of sensory data.

A deniable authentication (DA) protocol plays a vital role to provide security and privacy of the mobile nodes in a mobile ad hoc network (MANET). In recent years, a number of similar works have been proposed, but most of them experience heavy computational and communication overhead. Further, most of these protocols are not secure against different attacks. To address these concerns, we devised an identity-based deniable authentication (IBDA) protocol with adequate security and efficiency. The proposed IBDA protocol is mainly designed for MANETs, where the mobile devices are resource-limited. The proposed IBDA protocol used the elliptic curve cryptography (ECC) and identity-based cryptosystem (IBC). The security of our IBDA protocol depends on the elliptic curve discrete logarithm (ECDL) problem and bilinear Diffie-Hellman (BDH) problem.

Searchable encryption will become more important as medical services intensify their use of big data and artificial intelligence. To use searchable encryption safely, the resistance of terminals with embedded searchable encryption to illegal attacks (tamper resistance) is extremely important. This study proposes a searchable encryption system embedded in terminals and evaluate the tamper resistance of the proposed system. This study also proposes attack scenarios and quantitatively evaluates the tamper resistance of the proposed system by performing experiments following the proposed attack scenarios.

The Data Compression is a creative skill which defined scientific concepts of providing contents in a compact form. Thus, it has turned into a need in the field of communication as well as in different scientific studies. Data transmission must be sufficiently secure to be utilized in a channel medium with no misfortune; and altering of information. Encryption is the way toward scrambling an information with the goal that just the known receiver can peruse or see it. Encryption can give methods for anchoring data. Along these lines, the two strategies are the two crucial advances that required for the protected transmission of huge measure of information. In typical cases, the compacted information is encoded and transmitted. In any case, this sequential technique is time consumption and computationally cost. In the present paper, an examination on simultaneous compression and encryption technique depends on DNA which is proposed for various sorts of secret data. In simultaneous technique, both techniques can be done at single step which lessens the time for the whole task. The present work is consisting of two phases. First phase, encodes the plaintext by 6-bits instead of 8-bits, means each character represented by three DNA nucleotides whereas to encode any pixel of image by four DNA nucleotides. This phase can compress the plaintext by 25% of the original text. Second phase, compression and encryption has been done at the same time. Both types of data have been compressed by their half size as well as encrypted the generated symmetric key. Thus, this technique is more secure against intruders. Experimental results show a better performance of the proposed scheme compared with standard compression techniques.

Optical CDMA (OCMDA) technology directly encrypts optical transmission links at the physical layer, which can improve the security of communication system against fibre-optic eavesdropping attacks. System parameters will affect the performances of OCDMA systems, based on the wiretap channel model of OCDMA systems, "secrecy capacity" is employed as an indicator to estimate the effects of system parameters (the type of code words, the length of code words) on the security of the systems. Simulation results demonstrate that system parameters play an important role and choosing the code words with better cross-correlation characteristics can improve the security of OCDMA systems.

Entropy sources are designed to provide unpredictable random numbers for cryptographic systems. As an assessment of the sources, Shannon entropy is usually adopted to quantitatively measure the unpredictability of the outputs. In several related works about the entropy evaluation of ring oscillator-based (RO-based) entropy sources, authors evaluated the unpredictability with the average conditional Shannon entropy (ACE) of the source, moreover provided a lower bound of the ACE (LBoACE). However, in this paper, we have demonstrated that when the adversaries have access to the history outputs of the entropy source, for example, by some intrusive attacks, the LBoACE may overestimate the actual unpredictability of the next output for the adversaries. In this situation, we suggest to adopt the specific conditional Shannon entropy (SCE) which exactly measures the unpredictability of the future output with the knowledge of previous output sequences and so is more consistent with the reality than the ACE. In particular, to be conservative, we propose to take the lower bound of the SCE (LBoSCE) as an estimation of the worst-case entropy of the sources. We put forward a detailed method to estimate this worst-case entropy of RO-based entropy sources, which we have also verified by experiment on an FPGA device. We recommend to adopt this method to provide a conservative assessment of the unpredictability when the entropy source works in a vulnerable environment and the adversaries might obtain the previous outputs.

For future Internet, information-centric networking (ICN) is considered a potential solution to many of its current problems, such as content distribution, mobility, and security. Named Data Networking (NDN) is a more popular ICN project. However, concern regarding the protection of user data persists. Information caching in NDN decouples content and content publishers, which leads to content security threats due to lack of secure controls. Therefore, this paper presents a CP-ABE (ciphertext policy attribute based encryption) access control scheme based on hash table and data segmentation (CHTDS). Based on data segmentation, CHTDS uses a method of linearly splitting fixed data blocks, which effectively improves data management. CHTDS also introduces CP-ABE mechanism and hash table data structure to ensure secure access control and privilege revocation does not need to re-encrypt the published content. The analysis results show that CHTDS can effectively realize the security and fine-grained access control in the NDN environment, and reduce communication overhead for content access.

To prevent unauthorized access to adversaries, strong authentication scheme is a vital security requirement in client-server inter-networking systems. These schemes must verify the legitimacy of such users in real-time environments and establish a dynamic session key fur subsequent communication. Of late, T. H. Chen and J. C. Huang proposed a two-factor authentication framework claiming that the scheme is secure against most of the existing attacks. However we have shown that Chen and Huang scheme have many critical weaknesses in real-time environments. The scheme is prone to man in the middle attack and information leakage attack. Furthermore, the scheme does not provide two essential security services such user anonymity and session key establishment. In this paper, we present an enhanced user participating authenticating scheme which overcomes all the weaknesses of Chen et al.'s scheme and provide most of the essential security features.

The Joint Test Action Group (JTAG) standards define test and debug architectures that are ingrained within much of today's commercial silicon. In particular, the IEEE Std. 1149.1 (Standard Test Access Port and Boundary Scan Architecture) forms the foundation of on-chip embedded instrumentation that is used extensively for everything from prototype board bring-up to firmware triage to field and depot system repair. More recently, JTAG is being used in-system as a hardware/firmware mechanism for Built-In Test (BIT), addressing No Fault Found (NFF) and materiel availability issues. Its power and efficacy are a direct outcome of being a ubiquitously available, embedded on-die instrument that is inherent in most electronic devices. While JTAG is indispensable for all aspects of test and debug, it suffers from a lack of inherent security. Unprotected, it can represent a security weakness, exposing a back-door vulnerability through which hackers can reverse engineer, extract sensitive data from, or disrupt systems. More explicitly, JTAG can be used to: - Read and write from system memory - Pause execution of firmware (by setting breakpoints) - Patch instructions or data in memory - Inject instructions directly into the pipeline of a target chip (without modifying memory) - Extract firmware (for reverse engineering/vulnerability research) - Execute private instructions to activate other engines within the chip As a low-level means of access to a powerful set of capabilities, the JTAG interface must be safeguarded against unauthorized intrusions and attacks. One method used to protect platforms against such attacks is to physically fuse off the JTAG Test Access Ports, either at the integrated circuit or the board level. But, given JTAG's utility, alternative approaches that allow for both security and debug have become available, especially if there is a hardware root of trust on the platform. These options include chip lock and key registers, challenge-response mechanisms, secure key systems, TDI/TDO encryption, and other authentication/authorization techniques. This paper reviews the options for safe access to JTAG-based debug and test embedded instrumentation.

Signal processing in encrypted domain has become an important mean to protect privacy in an untrusted network environment. Due to the limitations of the underlying encryption methods, many useful algorithms that are sophisticated are not well implemented. Considering that QR decomposition is widely used in many fields, in this paper, we propose to implement QR decomposition in homomorphic encrypted domain. We firstly realize some necessary primitive operations in homomorphic encrypted domain, including division and open square operation. Gram-Schmidt process is then studied in the encrypted domain. We propose the implementation of QR decomposition in the encrypted domain by using the secure implementation of Gram-Schmidt process. We conduct experiments to demonstrate the effectiveness and analyze the performance of the proposed outsourced QR decomposition.

Research Purpose: The distributed, traceable and security of blockchain technology are applicable to the construction of new government information resource models, which could eliminate the barn effect and trust in government information sharing, as well as promoting the transformation of government affairs from management to service, it is also of great significance to the sharing of government information and construction of service-oriented e-government. Propose Methods: By analyzing the current problems of government information sharing, combined with literature research, this paper proposes the theoretical framework and advantages of blockchain technology applied to government information management and sharing, expounds the blockchain-based solution, it also constructs a government information sharing model based on blockchain, and gives implementation strategies at the technical and management levels. Results and Conclusion: The government information sharing model based on the blockchain solution and the transparency of government information can be used as a research framework for information interaction analysis between the government and users. It can also promote the construction and development of information sharing for Chinese government, as well as providing unified information sharing solution at the departmental and regional levels for e-government.

In the deep learning tasks, we can design different network models to address different tasks (classification, detection, segmentation). But traditional deep learning networks simply increase the depth and breadth of the network. This leads to a higher complexity of the model. We propose Adaptively Weighted Channel Feature Network of Mixed Convolution Kernel(SKENet). SKENet extract features from different kernels, then mixed those features by elementwise, lastly do sigmoid operator on channel features to get adaptive weightings. We did a simple classification test on the CIFAR10 amd CIFAR100 dataset. The results show that SKENet can achieve a better result in a shorter time. After that, we did an object detection experiment on the VOC dataset. The experimental results show that SKENet is far ahead of the SKNet[20] in terms of speed and accuracy.

This paper introduces an anonymous privacy-preserving scheme for big data over the cloud. The proposed design helps to enhance the encryption/decryption time of big data by utilizing the MapReduce framework. The Hadoop distributed file system and the secure hash algorithm are employed to provide the anonymity, security and efficiency requirements for the proposed scheme. The experimental results show a significant enhancement in the computational time of data encryption and decryption.

The fast advancement in the last two decades proposed a new challenge in security. In addition, the methods used to secure information are drawing more attention and under intense investigation by researchers around the globe. However, securing data is a very hard task, due to the escalation of threat levels. Several technologies and techniques developed and used to secure data throughout communication or by direct access to the information as an example encryption techniques and authentication techniques. A most recent development methods used to enhance security is by using human biometric characteristics such as thumb, hand, eye, cornea, and DNA; to enforce the security of a system toward higher level, human DNA is a promising field and human biometric characteristics can enhance the security of any system using biometric features for authentication. Furthermore, the proposed methods does not fulfil or present the ultimate solution toward tightening the system security. However, one of the proposed solutions enroll a technique to encrypt the biometric characteristic using a well-known cryptosystem technique. In this paper, an overview presented on the benefits of incorporating a human DNA based security systems and the overall effect on how such systems enhance the security of a system. In addition, an algorithm is proposed for practical application and the implementation discussed briefly.

Biometrics manages the computerized acknowledgment of people dependent on natural and social attributes. The example acknowledgment framework perceives an individual by deciding the credibility of a particular conduct normal for person. The primary rule of biometric framework is recognizable proof and check. A biometric confirmation framework use fingerprints, face, hand geometry, iris, and voice, mark, and keystroke elements of a person to recognize an individual or to check a guaranteed character. Biometrics authentication is a form of identification and access control process which identify individuals in packs that are under reconnaissance. Biometric security system increase in the overall security and individuals no longer have to deal with lost ID Cards or forgotten passwords. It helps much organization to see everyone is at a certain time when something might have happened that needs reviewed. The current issues in biometric system with individuals and many organization facing are personal privacy, expensive, data's may be stolen.

In the modern security-conscious world, Deep Packet Inspection (DPI) proxies are increasingly often used on industrial and enterprise networks to perform TLS unwrapping on all outbound connections. However, enabling TLS unwrapping requires local devices to have the DPI proxy Certificate Authority certificates installed. While for conventional computing devices this is addressed via enterprise management, it's a difficult problem for Internet of Things ("IoT") devices which are generally not under enterprise management, and may not even be capable of it due to their resource-constrained nature. Thus, for typical IoT devices, being installed on a network with DPI requires either manual device configuration or custom DPI proxy configuration, both of which solutions have significant shortcomings. This poses a serious challenge to the deployment of IoT devices on DPI-enabled intranets. The authors propose a solution to this problem: a method of installing on IoT devices the CA certificates for DPI proxy CAs, as well as other security configuration ("security bootstrapping"). The proposed solution respects the DPI policies, while allowing the commissioning of IoT and IIoT devices without the need for additional manual configuration either at device scope or at network scope. This is accomplished by performing the bootstrap operation over unsecured connection, and downloading certificates using TLS validation at application level. The resulting solution is light-weight and secure, yet does not require validation of the DPI proxy's CA certificates in order to perform the security bootstrapping, thus avoiding the chicken-and-egg problem inherent in using TLS on DPI-enabled intranets.

In recent years, image steganography is being considered as one of the methods to secure the confidentiality of sensitive and private data sent over networks. Conventional image steganography techniques use cover images to hide secret messages. These techniques are susceptible to steganalysis algorithms based on anomaly detection. This paper proposes a new approach to image steganography without using cover images. In addition, it utilizes Deoxyribonucleic Acid (DNA) sequences. DNA sequences are used to generate key and stego-image. Experimental results show that the use of DNA sequences in this technique offer very low cracking probability and the coverless approach contributes to its high embedding capacity.

As nuclear power plant Instrumentation and Control(I&C) systems have turned into digital systems, the possibility of cyber-attacks has increased. To protect the nuclear power plant from cyber-attacks, digital assets are classified and managed as critical digital assets which have safety, security and emergency preparedness functions. However, critical digital assets represent 70-80% of total digital assets, and applying and managing the same security control is inefficient. Therefore, this paper presents the criteria for identifying digital assets that are classified as vital digital assets that can directly affect the serious accidents of nuclear power plants.