Biblio

Using the blockchain technology to store the privatedocuments of individuals will help make data more reliable and secure, preventing the loss of data and unauthorized access. The Consensus algorithm along with the hash algorithms maintains the integrity of data simultaneously providing authentication and authorization. The paper incorporates the block chain and the Identity Based Encryption management concept. The Identity based Management system allows the encryption of the user's data as well as their identity and thus preventing them from Identity theft and fraud. These two technologies combined will result in a more secure way of storing the data and protecting the privacy of the user.

Internet of Things (IoT) systems are becoming widely used, which makes them to be a high-value target for both hackers and crackers. From gaining access to sensitive information to using them as bots for complex attacks, the variety of advantages after exploiting different security vulnerabilities makes the security of IoT devices to be one of the most challenging desideratum for cyber security experts. In this paper, we will propose a new IoT system, designed to ensure five data principles: confidentiality, integrity, availability, authentication and authorization. The innovative aspects are both the usage of a web-based communication and a custom dynamic data request structure.

As an important type of cloud data, digital provenance is arousing increasing attention on improving system performance. Currently, provenance has been employed to provide cues regarding access control and to estimate data quality. However, provenance itself might also be sensitive information. Therefore, provenance might be encrypted and stored in the Cloud. In this paper, we provide a mechanism to classify cloud documents by searching specific keywords from their encrypted provenance, and we prove our scheme achieves semantic security. In term of application of the proposed techniques, considering that files are classified to store separately in the cloud, in order to facilitate the regulation and security protection for the files, the classification policies can use provenance as conditions to determine the category of a document. Such as the easiest sample policy goes like: the documents have been reviewed twice can be classified as “public accessible”, which can be accessed by the public.

Optimization plays an important role in many problems that expect the accurate output. Security of the data stored in remote servers purely based on secret key which is used for encryption and decryption purpose. Many secret key generation algorithms such as RSA, AES are available to generate the key. The key generated by such algorithms are need to be optimized to provide more security to your data from unauthorized users as well as from the third party auditors(TPA) who is going to verify our data for integrity purpose. In this paper a method to optimize the secret key by using cuckoo search algorithm (CSA) is proposed.

Cloud computing is a vast area within which large amounts of data are exchanged through cloud services and has fully grown with its on-demand technology. Due to these versatile cloud services, sensitive data will be stored on cloud storage servers and it is also used to dynamically control a number of problems: security, privacy, data privacy, data sharing, and integrity across cloud servers. Moreover, the legitimacy and control of data access should be maintained in this extended environment. So, one of the most important concepts of cryptographic techniques in cloud computing environment is Attribute Based Encryption (ABE). In this research work, data auditing or integrity checking is considered as an area of concern for securing th cloud storage. In data auditing approach, an auditor inspects and verifies the data file integrity without having any knowledge about the content of file and sends the verification report to the data owner. In this research, Elliptical Curve Modified RSA (ECMRSA) is proposed along with Modified MD5 algorithm which is used for attribute-based cloud data integrity verification, in which data user or owner uploads their encrypted data files at cloud data server and send the auditing request to the Third-Party Auditor (TPA) for verification of their data files. The Third-Party Auditor (TPA) challenges the data server for ensuring the integrity of data files on behalf of the data owners. After verification of integrity of data file auditor sends the audit report to the owner. The proposed algorithm integrates the auditing scheme with public key encryption with homomorphic algorithm which generates digital signature or hash values of data files on encrypted files. The result analysis is performed on time complexity by evaluating encryption time, GenProof time and VerifyProof Time and achieved improvement in resolving time complexity as compared to existing techiques.

Provable Data Possession (PDP) is one of the data security techniques to make sure that the data stored in the cloud storage exists. In PDP, the integrity of the data stored in the cloud storage is probabilistically verified by the user or a third-party auditor. In the conventional PDP, the user creates the metadata used for audition. From the viewpoint of user convenience, it is desirable to be able to audit without operations other than uploading. In other words, the challenge is to provide a transparent PDP that verifies the integrity of files according to the general cloud storage system model so as not to add operations to users. We propose a scheme in which the cloud generates the metadata used during verification, and the user only uploads files. It is shown that the proposed scheme is resistant to the forgery of cloud proof and the acquisition of data by a third-party auditor.

Cloud computing is an evolving technology that provides data storage and highly fast computing services at a very low cost. All data stored in the cloud is handled by their cloud service providers or the caretaker of the cloud. The data owner is concerned about the authenticity and reliability of the data stored in the cloud as the data owners. Data can be misappropriated or altered by any unauthorized user or person. This paper desire to suggest a secure public auditing scheme applying third party auditors to authenticate the privacy, reliability, and integrity of data stored in the cloud. This proposed auditing scheme composes the use of the AES-256 algorithm for encryption, SHA-512 for integrity check and RSA-15360 for public-key encryption. And perform data dynamics operation which deals with mostly insertion, deletion, and, modification.

Cloud is the perfect way to hold our data every day. Yet the confidentiality of our data is a big concern in the handling of cloud data. Data integrity, authentication and confidentiality are basic security threats in the cloud. Cryptography techniques and Third Party Auditor (TPA) are very useful to impose the integrity and confidentiality of data. In this paper, a system is proposed Enhancing data protection that is housed in cloud computing. The suggested solution uses the RSA algorithm and the AES algorithm to encrypt user data. The hybridization of these two algorithms allows better data protection before it is stored in the cloud. Secure hash algorithm 512 is used to compute the Hash Message Authentication Code (HMAC). A stable audit program is also introduced for Third Party Auditor (TPA) use. The suggested algorithm is applied in python programming and tested in a simple sample format. It is checked that the proposed algorithm functions well to guarantee greater data protection.

Document integrity and origin for E2E S2S in IoTcloud have recently received considerable attention because of their importance in the real-world fields. Maintaining integrity could protect decisions made based on these message/image documents. Authentication and integrity solutions have been conducted to recognise or protect any modification in the exchange of documents between E2E S2S (smart-to-smart). However, none of the proposed schemes appear to be sufficiently designed as a secure scheme to prevent known attacks or applicable to smart devices. We propose a robust scheme that aims to protect the integrity of documents for each users session by integrating HMAC-SHA-256, handwritten feature extraction using a local binary pattern, one-time random pixel sequence based on RC4 to randomly hide authentication codes using LSB. The proposed scheme can provide users with one-time bio-key, robust message anonymity and a disappearing authentication code that does not draw the attention of eavesdroppers. Thus, the scheme improves the data integrity for a users messages/image documents, phase key agreement, bio-key management and a one-time message/image document code for each users session. The concept of stego-anonymity is also introduced to provide additional security to cover a hashed value. Finally, security analysis and experimental results demonstrate and prove the invulnerability and efficiency of the proposed scheme.

The increased use of cloud services and its various security and privacy challenges such as identity theft, data breach, data integrity and data confidentiality has made trust management, which is one of the most multifaceted aspect in cloud computing, inevitable. The growing reputation of cloud computing technology makes it immensely important to be acquainted with the meaning of trust in the cloud, as well as identify how the customer and the cloud service providers establish that trust. The traditional trust management mechanisms represent a static trust relationship which falls deficit while meeting up the dynamic requirement of cloud services. In this paper, a conceptual zero trust strategy for the cloud environment has been proposed. The model offers a conceptual typology of perceptions and philosophies for establishing trust in cloud services. Further, importance of trust establishment and challenges of trust in cloud computing have also been explored and discussed.

Cloud forensics investigates the crime committed over cloud infrastructures like SLA-violations and storage privacy. Cloud storage forensics is the process of recording the history of the creation and operations performed on a cloud data object and investing it. Secure data provenance in the Cloud is crucial for data accountability, forensics, and privacy. Towards this, we present a Cloud-based data provenance framework using Blockchain, which traces data record operations and generates provenance data. Initially, we design a dropbox like application using AWS S3 storage. The application creates a cloud storage application for the students and faculty of the university, thereby making the storage and sharing of work and resources efficient. Later, we design a data provenance mechanism for confidential files of users using Ethereum blockchain. We also evaluate the proposed system using performance parameters like query and transaction latency by varying the load and number of nodes of the blockchain network.

In recent days the attention of the researchers has been grabbed by the advent of fog computing which is found to be a conservatory of cloud computing. The fog computing is found to be more advantageous and it solves mighty issues of the cloud namely higher delay and also no proper mobility awareness and location related awareness are found in the cloud environment. The IoT devices are connected to the fog nodes which support the cloud services to accumulate and process a component of data. The presence of Fog nodes not only reduces the demands of processing data, but it had improved the quality of service in real time scenarios. Nevertheless the fog node endures from challenges of false data injection, privacy violation in IoT devices and violating integrity of data. This paper is going to address the key issues related to homomorphic encryption algorithms which is used by various researchers for providing data integrity and authenticity of the devices with their merits and demerits.

Nowadays, Fog Computing gets more attention due to its characteristics. Fog computing provides more advantages in related to apply with the latest technology. On the other hand, there is an issue about the data security over processing of data. Fog Computing encounters many security challenges like false data injection, violating privacy in edge devices and integrity of data, etc. An encryption scheme called Homomorphic Encryption (HME) technique is used to protect the data from the various security threats. This homomorphic encryption scheme allows doing manipulation over the encrypted data without decrypting it. This scheme can be implemented in many systems with various crypto-algorithms. This homomorphic encryption technique is mainly used to retain the privacy and to process the stored encrypted data on a remote server. This paper addresses the terminologies of Fog Computing, work flow and properties of the homomorphic encryption algorithm, followed by exploring the application of homomorphic encryption in various public key cryptosystems such as RSA and Pailier. It focuses on various homomorphic encryption schemes implemented by various researchers such as Brakerski-Gentry-Vaikuntanathan model, Improved Homomorphic Cryptosystem, Upgraded ElGamal based Algebric homomorphic encryption scheme, In-Direct rapid homomorphic encryption scheme which provides integrity of data.

Nowadays the provision of online services by government or business organizations has become a standard and necessary operation. Transferring data including the confidential or sensitive information via Internet or insecure network and exchange of them is also increased day by day. As a result, confidential information leakage and cyber threats are also heightened. Confidential information trading became one of the most profitable businesses. Encrypting the data is a solution to secure the data from being exposed. In this paper, we would like to propose a solution for the secure transfer of data using symmetric encryption, asymmetric encryption technologies and Key Generation Server as a mixed hybrid solution. A Symmetric encryption, modified AES algorithm, is used to encrypt data. Digital certificate is used both for data encryption and digital signing to assure data integrity. Key generation server is used to generate the second secret key from the publicly recognized information of a person and this key is used as a second secret key in the modified AES. The proposed hybrid solution can be utilized in any applications that require high confidentiality, integrity of data and non-repudiation.

Trustworthiness is a soft-security feature that evaluates the correct behavior of nodes in a network. More specifically, this feature tries to answer the following question: how much should we trust in a certain node? To determine the trustworthiness of a node, our approach focuses on two reputation indicators: the self-data trust, which evaluates the data generated by the node itself taking into account its historical data; and the peer-data trust, which utilizes the nearest nodes' data. In this paper, we show how these two indicators can be calculated using the Gaussian Overlap and Pearson correlation. This paper includes a validation of our trustworthiness approach using real data from unofficial and official weather stations in Portugal. This is a representative scenario of the current situation in many other areas, with different entities providing different kinds of data using autonomous sensors in a continuous way over the networks.

The paper presents a comprehensive model of cybersecurity threats for a system of autonomous and remotely controlled vehicles (AV) in the environment of a smart city. The main focus in the security context is given to the “integrity” property. That property is of higher importance for industrial control systems in comparison with other security properties (availability and confidentiality). The security graph, which is part of the model, is dynamic, and, in real cases, its analysis may require significant computing resources for AV systems with a large number of assets and connections. The simplified example of the security graph for the AV system is presented.

Vehicular Ad Hoc Networks (VANETs) have a strategic goal to achieve service delivery in roads and smart cities, considering the integration and communication between vehicles, sensors and fixed road-side components (routers, gateways and services). VANETs have singular characteristics such as fast mobile nodes, self-organization, distributed network and frequently changing topology. Despite the recent evolution of VANETs, security, data integrity and users privacy information are major concerns, since attacks prevention is still open issue. One of the most dangerous attacks in VANETs is the Sybil, which forges false identities in the network to disrupt compromise the communication between the network nodes. Sybil attacks affect the service delivery related to road safety, traffic congestion, multimedia entertainment and others. Thus, VANETs claim for security mechanism to prevent Sybil attacks. Within this context, this paper proposes a mechanism, called SyDVELM, to detect Sybil attacks in VANETs based on artificial intelligence techniques. The SyDVELM mechanism uses Extreme Learning Machine (ELM) with occasional features of vehicular nodes, minimizing the identification time, maximizing the detection accuracy and improving the scalability. The results suggest that the suitability of SyDVELM mechanism to mitigate Sybil attacks and to maintain the service delivery in VANETs.

With the development of e-Science and data intensive scientific discovery, it needs to ensure scientific data available for the long-term, with the goal that the valuable scientific data should be discovered and re-used for downstream investigations, either alone, or in combination with newly generated data. As such, the preservation of scientific data enables that not only might experiment be reproducible and verifiable, but also new questions can be raised by other scientists to promote research and innovation. In this paper, we focus on the two main problems of digital preservation that are format migration and preservation metadata. Format migration includes both format verification and object transformation. The system architecture of format migration and preservation metadata is presented, mapping rules of object transformation are analyzed, data fixity and integrity and authenticity, digital signature and so on are discussed and an example is shown in detail.

The security threats to mobile applications are growing explosively. Mobile apps flaws and security defects open doors for hackers to break in and access sensitive information. Defensive requirements analysis should be an integral part of secure mobile SDLC. Developers need to consider the information confidentiality and data integrity, to verify the security early in the development lifecycle rather than fixing the security holes after attacking and data leaks take place. Early eliminating known security vulnerabilities will help developers increase the security of apps and reduce the likelihood of exploitation. However, many software developers lack the necessary security knowledge and skills at the development stage, and that's why Secure Mobile Software Development education is very necessary for mobile software engineers. In this paper, we propose a guided security requirement analysis based on OWASP Mobile Top ten security risk recommendations for Android mobile software development and its traceability of the developmental controls in SDLC. Building secure apps immune to the OWASP Mobile Top ten risks would be an effective approach to provide very useful mobile security guidelines.

Blockchain technology has attracted much attention due to the great success of the cryptocurrencies. Owing to its immutability property and consensus protocol, blockchain offers a new solution for trusted storage and computation services. To scale up the services, prior research has suggested a hybrid storage architecture, where only small meta-data are stored onchain and the raw data are outsourced to off-chain storage. To protect data integrity, a cryptographic proof can be constructed online for queries over the data stored in the system. However, the previous schemes only support simple key-value queries. In this paper, we take the first step toward studying authenticated range queries in the hybrid-storage blockchain. The key challenge lies in how to design an authenticated data structure (ADS) that can be efficiently maintained by the blockchain, in which a unique gas cost model is employed. By analyzing the performance of the existing techniques, we propose a novel ADS, called GEM2-tree, which is not only gas-efficient but also effective in supporting authenticated queries. To further reduce the ADS maintenance cost without sacrificing much the query performance, we also propose an optimized structure, GEM2*-tree, by designing a two-level index structure. Theoretical analysis and empirical evaluation validate the performance of the proposed ADSs.

Nowadays database outsourcing has become business owners' preferred option and they are benefiting from its flexibility, reliability, and low cost. However, because database service providers cannot always be fully trusted and data owners will no longer have a direct control over their own data, how to make the outsourced data secure becomes a hot research topic. From the data integrity protection aspect, the client wants to make sure the data returned is correct, complete, and up-to-date. Previous research work in literature put more efforts on data correctness, while data completeness is still a challenging problem to solve. There are some existing works that tried to protect the completeness of data. Unfortunately, these solutions were considered not fully solving the problem because of their high communication or computation overhead. The implementations and limitations of existing works will be further discussed in this paper. From the data confidentiality protection aspect, order-preserving encryption (OPE) is a widely used encryption scheme in protecting data confidentiality. It allows the client to perform range queries and some other operations such as GROUP BY and ORDER BY over the OPE encrypted data. Therefore, it is worthy to develop a solution that allows user to verify the query completeness for an OPE encrypted database so that both data confidentiality and completeness are both protected. Inspired by this motivation, we propose a new data completeness protecting scheme by inserting fake tuples into databases. Both the real and fake tuples are OPE encrypted and thus the cloud server cannot distinguish among them. While our new scheme is much more efficient than all existing approaches, the level of security protection remains the same.

As cloud storage and computing gains popularity, data entrusted to the cloud has the potential to be exposed to more people and thus more vulnerable to attacks. It is important to develop mechanisms to protect data privacy and integrity so that clients can safely outsource their data to the cloud. We present a method for ensuring data completeness which is one facet of the data integrity problem. Our approach converts a standard database to a Completeness Protected Database (CPDB) by inserting some semantic fake data before outsourcing it to the cloud. These fake data are initially produced using our generating function which uses Order Preserving Encryption, which allows the user to be able to regenerate these fake data and match them to fake data returned from a range query to check for completeness. The CPDB is innovative in the following ways: (1) fake data is deterministically generated but is semantically indistinguishable from other existing data; (2) since fake data is generated by deterministic functions, data owners do not need to locally store the fake data that have been inserted, instead they can re-generate fake data using the functions; (3) no costly data encryption/signature is used in our scheme compared to previous work which encrypt/sign the entire database.

The IEEE Std. 1687 (IJTAG) was designed to provide on-chip access to the various embedded instruments (e.g. built-in self test, sensors, etc.) in complex system-on-chip designs. IJTAG facilitates access to on-chip instruments from third party intellectual property providers with hidden test-data registers. Although access to on-chip instruments provides valuable data specifically for debug and diagnosis, it can potentially expose the design to untrusted sources and instruments that can sniff and possibly manipulate the data that is being shifted through the IJTAG network. This paper provides a comprehensive protection scheme against data sniffing and data integrity attacks by selectively isolating the data flowing through the IJTAG network. The proposed scheme is modeled as a graph coloring problem to optimize the number of isolation signals required to protect the design. It is shown that combining the proposed approach with other existing schemes can also bolster the security against unauthorized user access as well. The proposed countermeasure is shown to add minimal overhead in terms of area and power consumption.

IoT devices can be used to fulfil many of our daily tasks. IoT could be wearable devices, home appliances, or even light bulbs. With the introduction of this new technology, however, vulnerabilities are being introduced and can be leveraged or exploited by malicious users. One common vehicle of exploitation is malicious software, or malware. Malware can be extremely harmful and compromise the confidentiality, integrity and availability (CIA triad) of information systems. This paper analyzes the types of malware attacks, introduce some mitigation approaches and discusses future challenges.

The presence of software vulnerabilities is a serious threat to any software project. Exploiting them can compromise system availability, data integrity, and confidentiality. Unfortunately, many open source projects go for years with undetected ready-to-exploit critical vulnerabilities. In this study, we investigate the presence of software vulnerabilities in open source projects and the factors that influence this presence. We analyzed the top 100 open source PHP applications in GitHub using a static analysis vulnerability scanner to examine how common software vulnerabilities are. We also discussed which vulnerabilities are most present and what factors contribute to their presence. We found that 27% of these projects are insecure, with a median number of 3 vulnerabilities per vulnerable project. We found that the most common type is injection vulnerabilities, which made 58% of all detected vulnerabilities. Out of these, cross-site scripting (XSS) was the most common and made 43.5% of all vulnerabilities found. Statistical analysis revealed that project activities like branching, pulling, and committing have a moderate positive correlation with the number of vulnerabilities in the project. Other factors like project popularity, number of releases, and number of issues had almost no influence on the number of vulnerabilities. We recommend that open source project owners should set secure code development guidelines for their project members and establish secure code reviews as part of the project's development process.