Biblio

Found 342 results

Filters: Keyword is Access Control  [Clear All Filters]
2020-01-21
Novikova, Evgenia, Bekeneva, Yana, Shorov, Andrey.  2019.  The Location-Centric Approach to Employee's Interaction Pattern Detection. 2019 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). :373–378.
The task of the insider threat detection is one of the most sophisticated problems of the information security. The analysis of the logs of the access control system may reveal on how employees move and interact providing thus better understanding on how personnel observe security policies and established business processes. The paper presents an approach to the detection of the location-centric employees' interaction patterns. The authors propose the formal definition of the interaction patterns and present the visualization-driven technique to the extraction of the patterns from the data when any prior information about existing interaction routine and procedures is not available. The proposed approach is demonstrated on the data set provided within VAST MiniChallenge-2 2016 contest.
2020-08-17
Huang, Kaiqing.  2019.  Multi-Authority Attribute-Based Encryption for Resource-Constrained Users in Edge Computing. 2019 International Conference on Information Technology and Computer Application (ITCA). :323–326.
Multi-authority attribute-based encryption (MA-ABE) is a promising technique to protect data privacy and achieve fine-grained access control in edge computing for Internet of Things (IoT). However, most of the existing MA-ABE schemes suffer from expensive computational cost in the encryption and decryption phases, which are not practical for resource constrained users in IoT. We propose a large-universe MA-CP-ABE scheme with online/offline encryption and outsourced decryption. In our scheme, most expensive encryption operations have been executed in the user's initialization phase by adding reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Moreover, massive decryption operation are outsourced to the near edge server for reducing the computation overhead of decryption. The proposed scheme is proven statically secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable for resource-constrained users in edge computing for IoT.
2020-10-19
Hong, Bo, Chen, Jie, Zhang, Kai, Qian, Haifeng.  2019.  Multi-Authority Non-Monotonic KP-ABE With Cryptographic Reverse Firewall. IEEE Access. 7:159002–159012.
The revelations of Snowden show that hardware and software of devices may corrupt users' machine to compromise the security in various ways. To address this concern, Mironov and Stephen-Davidowitz introduce the Cryptographic Reverse Firewall (CRF) concept that is able to resist the ex-filtration of secret information for some compromised machine (Eurocrypt 2015). There are some applications of CRF deployed in many cryptosystems, but less studied and deployed in Attribute-Based Encryption (ABE) field, which attracts a wide range of attention and is employed in real-world scenarios (i.e., data sharing in cloud). In this work, we focus how to give a CRF security protection for a multi-authority ABE scheme and hence propose a multi-authority key-policy ABE scheme with CRF (acronym, MA-KP-ABE-CRF), which supports attribute distribution and non-monotonic access structure. To achieve this, beginning with revisiting a MA-KP-ABE with non-trivial combining non-monotonic formula, we then give the randomness of ciphertexts and secret keys with reverse firewall and give formal security analysis. Finally, we give a simulation on our MA-KP-ABE-CRF system based on Charm library whose the experimental results demonstrate practical efficiency.
Sun, Pan Jun.  2019.  Privacy Protection and Data Security in Cloud Computing: A Survey, Challenges, and Solutions. IEEE Access. 7:147420–147452.
Privacy and security are the most important issues to the popularity of cloud computing service. In recent years, there are many research schemes of cloud computing privacy protection based on access control, attribute-based encryption (ABE), trust and reputation, but they are scattered and lack unified logic. In this paper, we systematically review and analyze relevant research achievements. First, we discuss the architecture, concepts and several shortcomings of cloud computing, and propose a framework of privacy protection; second, we discuss and analyze basic ABE, KP-ABE (key policy attribute-based encryption), CP-ABE (ciphertext policy attribute-based encryption), access structure, revocation mechanism, multi-authority, fine-grained, trace mechanism, proxy re-encryption (PRE), hierarchical encryption, searchable encryption (SE), trust, reputation, extension of tradition access control and hierarchical key; third, we propose the research challenge and future direction of the privacy protection in the cloud computing; finally, we point out corresponding privacy protection laws to make up for the technical deficiencies.
2020-08-24
Liu, Hongling.  2019.  Research on Feasibility Path of Technology Supervision and Technology Protection in Big Data Environment. 2019 International Conference on Intelligent Transportation, Big Data Smart City (ICITBS). :293–296.
Big data will bring revolutionary changes from life to thinking for society as a whole. At the same time, the massive data and potential value of big data are subject to many security risks. Aiming at the above problems, a data privacy protection model for big data platform is proposed. First, the data privacy protection model of big data for data owners is introduced in detail, including protocol design, logic design, complexity analysis and security analysis. Then, the query privacy protection model of big data for ordinary users is introduced in detail, including query protocol design and query mode design. Complexity analysis and safety analysis are performed. Finally, a stand-alone simulation experiment is built for the proposed privacy protection model. Experimental data is obtained and analyzed. The feasibility of the privacy protection model is verified.
2020-10-19
Xia, Qi, Sifah, Emmanuel Boateng, Obour Agyekum, Kwame Opuni-Boachie, Xia, Hu, Acheampong, Kingsley Nketia, Smahi, Abla, Gao, Jianbin, Du, Xiaojiang, Guizani, Mohsen.  2019.  Secured Fine-Grained Selective Access to Outsourced Cloud Data in IoT Environments. IEEE Internet of Things Journal. 6:10749–10762.
With the vast increase in data transmission due to a large number of information collected by devices, data management, and security has been a challenge for organizations. Many data owners (DOs) outsource their data to cloud repositories due to several economic advantages cloud service providers present. However, DOs, after their data are outsourced, do not have complete control of the data, and therefore, external systems are incorporated to manage the data. Several kinds of research refer to the use of encryption techniques to prevent unauthorized access to data but prove to be deficient in providing suitable solutions to the problem. In this article, we propose a secure fine-grain access control system for outsourced data, which supports read and write operations to the data. We make use of an attribute-based encryption (ABE) scheme, which is regarded as a suitable scheme to achieve access control for security and privacy (confidentiality) of outsourced data. This article considers different categories of data users, and make provisions for distinct access roles and permissible actions on the outsourced data with dynamic and efficient policy updates to the corresponding ciphertext in cloud repositories. We adopt blockchain technologies to enhance traceability and visibility to enable control over outsourced data by a DO. The security analysis presented demonstrates that the security properties of the system are not compromised. Results based on extensive experiments illustrate the efficiency and scalability of our system.
2020-07-13
Sharma, Yoshita, Gupta, Himanshu, Khatri, Sunil Kumar.  2019.  A Security Model for the Enhancement of Data Privacy in Cloud Computing. 2019 Amity International Conference on Artificial Intelligence (AICAI). :898–902.
As we all are aware that internet acts as a depository to store cyberspace data and provide as a service to its user. cloud computing is a technology by internet, where a large amount of data being pooled by different users is stored. The data being stored comes from various organizations, individuals, and communities etc. Thus, security and privacy of data is of utmost importance to all of its users regardless of the nature of the data being stored. In this research paper the use of multiple encryption technique outlines the importance of data security and privacy protection. Also, what nature of attacks and issues might arise that may corrupt the data; therefore, it is essential to apply effective encryption methods to increase data security.
2020-09-21
Xin, Yang, Qian, Zhenwei, Jiang, Rong, Song, Yang.  2019.  Trust Evaluation Strategy Based on Grey System Theory for Medical Big Data. 2019 IEEE International Conference on Computer Science and Educational Informatization (CSEI). :157–160.
The performance of the trust evaluation strategy depends on the accuracy and rationality of the trust evaluation weight system. Trust is a difficult to accurate measurement and quantitative cognition in the heart, the trust of the traditional evaluation method has a strong subjectivity and fuzziness and uncertainty. This paper uses the AHP method to determine the trust evaluation index weight, and combined with grey system theory to build trust gray evaluation model. The use of gray assessment based on the whitening weight function in the evaluation process reduces the impact of the problem that the evaluation result of the trust evaluation is not easy to accurately quantify when the decision fuzzy and the operating mechanism are uncertain.
2020-03-09
PONGSRISOMCHAI, Sutthinee, Ngamsuriyaroj, Sudsanguan.  2019.  Automated IT Audit of Windows Server Access Control. 2019 21st International Conference on Advanced Communication Technology (ICACT). :539–544.

To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses and should be able to detect any potential access control violations in advance. However, most auditing processes are done manually and not performed consistently since lots of resources are required; thus, the auditing is performed for quality assurance purposes only. This paper proposes an automated process to audit the access controls on the Windows server operating system. We define the audit checklist and use the controls defined in ISO/IEC 27002:2013 as a guideline for identifying audit objectives. In addition, an automated audit tool is developed for checking security controls against defined security policies. The results of auditing are the list of automatically generated passed and failed policies. If the auditing is done consistently and automatically, the intrusion incidents could be detected earlier and essential damages could be prevented. Eventually, it would help increase the reliability of the system.

2020-06-19
Haefner, Kyle, Ray, Indrakshi.  2019.  ComplexIoT: Behavior-Based Trust For IoT Networks. 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :56—65.

This work takes a novel approach to classifying the behavior of devices by exploiting the single-purpose nature of IoT devices and analyzing the complexity and variance of their network traffic. We develop a formalized measurement of complexity for IoT devices, and use this measurement to precisely tune an anomaly detection algorithm for each device. We postulate that IoT devices with low complexity lead to a high confidence in their behavioral model and have a correspondingly more precise decision boundary on their predicted behavior. Conversely, complex general purpose devices have lower confidence and a more generalized decision boundary. We show that there is a positive correlation to our complexity measure and the number of outliers found by an anomaly detection algorithm. By tuning this decision boundary based on device complexity we are able to build a behavioral framework for each device that reduces false positive outliers. Finally, we propose an architecture that can use this tuned behavioral model to rank each flow on the network and calculate a trust score ranking of all traffic to and from a device which allows the network to autonomously make access control decisions on a per-flow basis.

2020-03-12
Wu, Hanqing, Cao, Jiannong, Yang, Yanni, Tung, Cheung Leong, Jiang, Shan, Tang, Bin, Liu, Yang, Wang, Xiaoqing, Deng, Yuming.  2019.  Data Management in Supply Chain Using Blockchain: Challenges and a Case Study. 2019 28th International Conference on Computer Communication and Networks (ICCCN). :1–8.

Supply chain management (SCM) is fundamental for gaining financial, environmental and social benefits in the supply chain industry. However, traditional SCM mechanisms usually suffer from a wide scope of issues such as lack of information sharing, long delays for data retrieval, and unreliability in product tracing. Recent advances in blockchain technology show great potential to tackle these issues due to its salient features including immutability, transparency, and decentralization. Although there are some proof-of-concept studies and surveys on blockchain-based SCM from the perspective of logistics, the underlying technical challenges are not clearly identified. In this paper, we provide a comprehensive analysis of potential opportunities, new requirements, and principles of designing blockchain-based SCM systems. We summarize and discuss four crucial technical challenges in terms of scalability, throughput, access control, data retrieval and review the promising solutions. Finally, a case study of designing blockchain-based food traceability system is reported to provide more insights on how to tackle these technical challenges in practice.

2020-01-21
Es-Salhi, Khaoula, Espes, David, Cuppens, Nora.  2019.  DTE Access Control Model for Integrated ICS Systems. Proceedings of the 14th International Conference on Availability, Reliability and Security. :1–9.

Integrating Industrial Control Systems (ICS) with Corporate System (IT) is one of the most important industrial orientations. With recent cybersecurity attacks, the security of integrated ICS systems has become the priority of industrial world. Access control technologies such as firewalls are very important for Integrated ICS (IICS) systems to control communication across different networks to protect valuable resources. However, conventional firewalls are not always fully compatible with Industrial Control Systems. In fact, firewalls can introduce significant latency while ICS systems usually are very demanding in terms of timing requirements. Besides, most of existing firewalls do not support all industrial protocols. This paper proposes a new access control model for integrated ICS systems based on Domain and Type Enforcement (DTE). This new model allows to define and apply enforced access controls with respect of ICS timing requirements. Access controls definition is based on a high level language that can be used by ICS administrators with ease. This paper also proposes an initial generic ruleset based on the ISA95 functional model. This generic ruleset simplifies the deployment of DTE access controls and provides a good introduction to the DTE concepts for administrators.

2020-01-27
Lee, Tian-Fu, Liu, Chuan-Ming.  2019.  An Efficient Date-Constraint Hierarchical Key Management Scheme with Fast Key Validation Checking for Mobile Agents in E-Medicine System. Proceedings of the Third International Conference on Medical and Health Informatics 2019. :172–177.

A hierarchical key management scheme for mobile agents in e-medicine system enables users, such as patients, doctors, nurses and health visitors, to conveniently and securely access a remote hierarchical medical database system via public networks. Efficient hierarchical key management schemes do not require heavy computations even if the hierarchical structure has too many levels and participants. Chen et al. recently developed a hierarchical key management scheme with date-constraint for mobile agents. The key management scheme of Chen et al. is based the Elliptic Curve Cryptosystem and allows each secret key to be partnered with a validity period by using one-way hash chains. However, the scheme of Chen et al. fails to execute correctly, violates authenticated key security, and requires hundreds of hash functional operations. This investigation discusses these limitations, and proposes an efficient date-constraint hierarchical key management scheme for mobile agents in e-medicine system, which provides a fast key validation and expiration check phase to rapidly check whether the secret keys are valid and time-expired or not. The proposed key management scheme not only provides more security properties and rapidly checks the validation of secret keys, but also reduces the computational cost..

2020-05-29
Tseng, Yi-Fan, Fan, Chun-I, Wu, Chin-Yu.  2019.  FGAC-NDN: Fine-Grained Access Control for Named Data Networks. IEEE Transactions on Network and Service Management. 16:143—152.

Named data network (NDN) is one of the most promising information-centric networking architectures, where the core concept is to focus on the named data (or contents) themselves. Users in NDN can easily send a request packet to get the desired content regardless of its address. The routers in NDN have cache functionality to make the users instantly retrieve the desired file. Thus, the user can immediately get the desired file from the nearby nodes instead of the remote host. Nevertheless, NDN is a novel proposal and there are still some open issues to be resolved. In view of previous research, it is a challenge to achieve access control on a specific user and support potential receivers simultaneously. In order to solve it, we present a fine-grained access control mechanism tailored for NDN, supporting data confidentiality, potential receivers, and mobility. Compared to previous works, this is the first to support fine-grained access control and potential receivers. Furthermore, the proposed scheme achieves provable security under the DBDH assumption.

2020-01-20
Zhu, Yan, Zhang, Yi, Wang, Jing, Song, Weijing, Chu, Cheng-Chung, Liu, Guowei.  2019.  From Data-Driven to Intelligent-Driven: Technology Evolution of Network Security in Big Data Era. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 2:103–109.

With the advent of the big data era, information systems have exhibited some new features, including boundary obfuscation, system virtualization, unstructured and diversification of data types, and low coupling among function and data. These features not only lead to a big difference between big data technology (DT) and information technology (IT), but also promote the upgrading and evolution of network security technology. In response to these changes, in this paper we compare the characteristics between IT era and DT era, and then propose four DT security principles: privacy, integrity, traceability, and controllability, as well as active and dynamic defense strategy based on "propagation prediction, audit prediction, dynamic management and control". We further discuss the security challenges faced by DT and the corresponding assurance strategies. On this basis, the big data security technologies can be divided into four levels: elimination, continuation, improvement, and innovation. These technologies are analyzed, combed and explained according to six categories: access control, identification and authentication, data encryption, data privacy, intrusion prevention, security audit and disaster recovery. The results will support the evolution of security technologies in the DT era, the construction of big data platforms, the designation of security assurance strategies, and security technology choices suitable for big data.

2020-09-21
Ding, Hongfa, Peng, Changgen, Tian, Youliang, Xiang, Shuwen.  2019.  A Game Theoretical Analysis of Risk Adaptive Access Control for Privacy Preserving. 2019 International Conference on Networking and Network Applications (NaNA). :253–258.

More and more security and privacy issues are arising as new technologies, such as big data and cloud computing, are widely applied in nowadays. For decreasing the privacy breaches in access control system under opening and cross-domain environment. In this paper, we suggest a game and risk based access model for privacy preserving by employing Shannon information and game theory. After defining the notions of Privacy Risk and Privacy Violation Access, a high-level framework of game theoretical risk based access control is proposed. Further, we present formulas for estimating the risk value of access request and user, construct and analyze the game model of the proposed access control by using a multi-stage two player game. There exists sub-game perfect Nash equilibrium each stage in the risk based access control and it's suitable to protect the privacy by limiting the privacy violation access requests.

2020-04-17
You, Ruibang, Yuan, Zimu, Tu, Bibo, Cheng, Jie.  2019.  HP-SDDAN: High-Performance Software-Defined Data Access Network. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :849—856.

Recently, data protection has become increasingly important in cloud environments. The cloud platform has global user information, rich storage resource allocation information, and a fuller understanding of data attributes. At the same time, there is an urgent need for data access control to provide data security, and software-defined network, as a ready-made facility, has a global network view, global network management capabilities, and programable network rules. In this paper, we present an approach, named High-Performance Software-Defined Data Access Network (HP-SDDAN), providing software-defined data access network architecture, global data attribute management and attribute-based data access network. HP-SDDAN combines the excellent features of cloud platform and software-defined network, and fully considers the performance to implement software-defined data access network. In evaluation, we verify the effectiveness and efficiency of HP-SDDAN implementation, with only 1.46% overhead to achieve attribute-based data access control of attribute-based differential privacy.

2020-03-18
Djoko, Judicael B., Lange, Jack, Lee, Adam J..  2019.  NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-Side SGX. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :401–413.

With the rising popularity of file-sharing services such as Google Drive and Dropbox in the workflows of individuals and corporations alike, the protection of client-outsourced data from unauthorized access or tampering remains a major security concern. Existing cryptographic solutions to this problem typically require server-side support, involve non-trivial key management on the part of users, and suffer from severe re-encryption penalties upon access revocations. This combination of performance overheads and management burdens makes this class of solutions undesirable in situations where performant, platform-agnostic, dynamic sharing of user content is required. We present NEXUS, a stackable filesystem that leverages trusted hardware to provide confidentiality and integrity for user files stored on untrusted platforms. NEXUS is explicitly designed to balance security, portability, and performance: it supports dynamic sharing of protected volumes on any platform exposing a file access API without requiring server-side support, enables the use of fine-grained access control policies to allow for selective sharing, and avoids the key revocation and file re-encryption overheads associated with other cryptographic approaches to access control. This combination of features is made possible by the use of a client-side Intel SGX enclave that is used to protect and share NEXUS volumes, ensuring that cryptographic keys never leave enclave memory and obviating the need to reencrypt files upon revocation of access rights. We implemented a NEXUS prototype that runs on top of the AFS filesystem and show that it incurs ×2 overhead for a variety of common file and database operations.

2020-04-03
Renjan, Arya, Narayanan, Sandeep Nair, Joshi, Karuna Pande.  2019.  A Policy Based Framework for Privacy-Respecting Deep Packet Inspection of High Velocity Network Traffic. 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :47—52.

Deep Packet Inspection (DPI) is instrumental in investigating the presence of malicious activity in network traffic and most existing DPI tools work on unencrypted payloads. As the internet is moving towards fully encrypted data-transfer, there is a critical requirement for privacy-aware techniques to efficiently decrypt network payloads. Until recently, passive proxying using certain aspects of TLS 1.2 were used to perform decryption and further DPI analysis. With the introduction of TLS 1.3 standard that only supports protocols with Perfect Forward Secrecy (PFS), many such techniques will become ineffective. Several security solutions will be forced to adopt active proxying that will become a big-data problem considering the velocity and veracity of network traffic involved. We have developed an ABAC (Attribute Based Access Control) framework that efficiently supports existing DPI tools while respecting user's privacy requirements and organizational policies. It gives the user the ability to accept or decline access decision based on his privileges. Our solution evaluates various observed and derived attributes of network connections against user access privileges using policies described with semantic technologies. In this paper, we describe our framework and demonstrate the efficacy of our technique with the help of use-case scenarios to identify network connections that are candidates for Deep Packet Inspection. Since our technique makes selective identification of connections based on policies, both processing and memory load at the gateway will be reduced significantly.

2020-01-27
Nakamura, Emilio, Ribeiro, Sérgio.  2019.  Risk-Based Attributed Access Control Modelling in a Health Platform: Results from Project CityZen. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :391–398.

This paper presents an access control modelling that integrates risk assessment elements in the attribute-based model to organize the identification, authentication and authorization rules. Access control is complex in integrated systems, which have different actors accessing different information in multiple levels. In addition, systems are composed by different components, much of them from different developers. This requires a complete supply chain trust to protect the many existent actors, their privacy and the entire ecosystem. The incorporation of the risk assessment element introduces additional variables like the current environment of the subjects and objects, time of the day and other variables to help produce more efficient and effective decisions in terms of granting access to specific objects. The risk-based attributed access control modelling was applied in a health platform, Project CityZen.

2020-01-20
Jasim, Anwar Chitheer, Hassoon, Imad Ali, Tapus, Nicolae.  2019.  Cloud: privacy For Locations Based-services' through Access Control with dynamic multi-level policy. 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT). :1911–1916.

LBSs are Location-Based Services that provide certain service based on the current or past user's location. During the past decade, LBSs have become more popular as a result of the widespread use of mobile devices with position functions. Location information is a secondary information that can provide personal insight about one's life. This issue associated with sharing of data in cloud-based locations. For example, a hospital is a public space and the actual location of the hospital does not carry any sensitive information. However, it may become sensitive if the specialty of the hospital is analyzed. In this paper we proposed design presents a combination of methods for providing data privacy protection for location-based services (LBSs) with the use of cloud service. The work built in zero trust and we start to manage the access to the system through different levels. The proposal is based on a model that stores user location data in supplementary servers and not in non-trustable third-party applications. The approach of the present research is to analyze the privacy protection possibilities through data partitioning. The data collected from the different recourses are distributed into different servers according to the partitioning model based on multi-level policy. Access is granted to third party applications only to designated servers and the privacy of the user profile is also ensured in each server, as they are not trustable.

2020-01-13
Mohamed, Nader, Al-Jaroodi, Jameela.  2019.  A Middleware Framework to Address Security Issues in Integrated Multisystem Applications. 2019 IEEE International Systems Conference (SysCon). :1–6.
Integrating multiple programmable components and subsystems developed by different manufacturers into a final system (a system of systems) can create some security concerns. While there are many efforts for developing interoperability approaches to enable smooth, reliable and safe integration among different types of components to build final systems for different applications, less attention is usually given for the security aspects of this integration. This may leave the final systems exposed and vulnerable to potential security attacks. The issues elevate further when such systems are also connected to other networks such as the Internet or systems like fog and cloud computing. This issue can be found in important industrial applications like smart medical, smart manufacturing and smart city systems. As a result, along with performance, safety and reliability; multisystem integration must also be highly secure. This paper discusses the security issues instigated by such integration. In addition, it proposes a middleware framework to address the security issues for integrated multisystem applications.
2020-12-17
Zong, Y., Guo, Y., Chen, X..  2019.  Policy-Based Access Control for Robotic Applications. 2019 IEEE International Conference on Service-Oriented System Engineering (SOSE). :368—3685.

With the wide application of modern robots, more concerns have been raised on security and privacy of robotic systems and applications. Although the Robot Operating System (ROS) is commonly used on different robots, there have been few work considering the security aspects of ROS. As ROS does not employ even the basic permission control mechanism, applications can access any resources without limitation, which could result in equipment damage, harm to human, as well as privacy leakage. In this paper we propose an access control mechanism for ROS based on an extended policy-based access control (PBAC) model. Specifically, we extend ROS to add an additional node dedicated for access control so that it can provide user identity and permission management services. The proposed mechanism also allows the administrator to revoke a permission dynamically. We implemented the proposed method in ROS and demonstrated its applicability and performance through several case studies.

2020-11-23
Jolfaei, A., Kant, K., Shafei, H..  2019.  Secure Data Streaming to Untrusted Road Side Units in Intelligent Transportation System. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :793–798.
The paper considers data security issues in vehicle-to-infrastructure communications, where vehicles stream data to a road side unit. We assume aggregated data in road side units can be stored or used for data analytics. In this environment, there are issues in regards to the scalability of key management and computation limitations at the edge of the network. To address these issues, we suggest the formation of groups in the vehicle layer, where a group leader is assigned to communicate with group devices and the road side unit. We propose a lightweight permutation mechanism for preserving the confidentiality of sensory data.
2020-07-24
Wu, Zhijun, Xu, Enzhong, Liu, Liang, Yue, Meng.  2019.  CHTDS: A CP-ABE Access Control Scheme Based on Hash Table and Data Segmentation in NDN. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :843—848.

For future Internet, information-centric networking (ICN) is considered a potential solution to many of its current problems, such as content distribution, mobility, and security. Named Data Networking (NDN) is a more popular ICN project. However, concern regarding the protection of user data persists. Information caching in NDN decouples content and content publishers, which leads to content security threats due to lack of secure controls. Therefore, this paper presents a CP-ABE (ciphertext policy attribute based encryption) access control scheme based on hash table and data segmentation (CHTDS). Based on data segmentation, CHTDS uses a method of linearly splitting fixed data blocks, which effectively improves data management. CHTDS also introduces CP-ABE mechanism and hash table data structure to ensure secure access control and privilege revocation does not need to re-encrypt the published content. The analysis results show that CHTDS can effectively realize the security and fine-grained access control in the NDN environment, and reduce communication overhead for content access.