Visible to the public Biblio

Filters: Keyword is information sharing  [Clear All Filters]
2023-08-16
Priya, D Divya, Kiran, Ajmeera, Purushotham, P.  2022.  Lightweight Intrusion Detection System(L-IDS) for the Internet of Things. 2022 International Conference on Advancements in Smart, Secure and Intelligent Computing (ASSIC). :1—4.
Internet of Things devices collect and share data (IoT). Internet connections and emerging technologies like IoT offer privacy and security challenges, and this trend is anticipated to develop quickly. Internet of Things intrusions are everywhere. Businesses are investing more to detect these threats. Institutes choose accurate testing and verification procedures. In recent years, IoT utilisation has increasingly risen in healthcare. Where IoT applications gained popular among technologists. IoT devices' energy limits and scalability raise privacy and security problems. Experts struggle to make IoT devices more safe and private. This paper provides a machine-learning-based IDS for IoT network threats (ML-IDS). This study aims to implement ML-supervised IDS for IoT. We're going with a centralised, lightweight IDS. Here, we compare seven popular categorization techniques on three data sets. The decision tree algorithm shows the best intrusion detection results.
2023-03-17
Chakraborty, Partha Sarathi, Kumar, Puspesh, Chandrawanshi, Mangesh Shivaji, Tripathy, Somanath.  2022.  BASDB: Blockchain assisted Secure Outsourced Database Search. 2022 IEEE International Conference on Blockchain and Distributed Systems Security (ICBDS). :1–6.
The outsourcing of databases is very popular among IT companies and industries. It acts as a solution for businesses to ensure availability of the data for their users. The solution of outsourcing the database is to encrypt the data in a form where the database service provider can perform relational operations over the encrypted database. At the same time, the associated security risk of data leakage prevents many potential industries from deploying it. In this paper, we present a secure outsourcing database search scheme (BASDB) with the use of a smart contract for search operation over index of encrypted database and storing encrypted relational database in the cloud. Our proposed scheme BASDB is a simple and practical solution for effective search on encrypted relations and is well resistant to information leakage against attacks like search and access pattern leakage.
2023-02-17
Maddamsetty, Saketh, Tharwani, Ayush, Mishra, Debadatta.  2022.  MicroBlind: Flexible and Secure File System Middleware for Application Sandboxes. 2022 IEEE International Conference on Cloud Engineering (IC2E). :221–232.
Virtual machine (VM) based application sandboxes leverage strong isolation guarantees of virtualization techniques to address several security issues through effective containment of malware. Specifically, in end-user physical hosts, potentially vulnerable applications can be isolated from each other (and the host) using VM based sandboxes. However, sharing data across applications executing within different sandboxes is a non-trivial requirement for end-user systems because at the end of the day, all applications are used by the end-user owning the device. Existing file sharing techniques compromise the security or efficiency, especially considering lack of technical expertise of many end-users in the contemporary times. In this paper, we propose MicroBlind, a security hardened file sharing framework for virtualized sandboxes to support efficient data sharing across different application sandboxes. MicroBlind enables a simple file sharing management API for end users where the end user can orchestrate file sharing across different VM sandboxes in a secure manner. To demonstrate the efficacy of MicroBlind, we perform comprehensive empirical analysis against existing data sharing techniques (augmented for the sandboxing setup) and show that MicroBlind provides improved security and efficiency.
2023-01-20
Liang, Xiao, An, Ningyu, Li, Da, Zhang, Qiang, Wang, Ruimiao.  2022.  A Blockchain and ABAC Based Data Access Control Scheme in Smart Grid. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :52—55.
In the smart grid, the sharing of power data among various energy entities can make the data play a higher value. However, there may be unauthorized access while sharing data, which makes many entities unwilling to share their data to prevent data leakage. Based on blockchain and ABAC (Attribute-based Access Control) technology, this paper proposes an access control scheme, so that users can achieve fine-grained access control of their data when sharing them. The solution uses smart contract to achieve automated and reliable policy evaluation. IPFS (Interplanetary File System) is used for off-chain distributed storage to share the storage pressure of blockchain and guarantee the reliable storage of data. At the same time, all processes in the system are stored in the blockchain, ensuring the accountability of the system. Finally, the experiment proves the feasibility of the proposed scheme.
2022-09-29
Al-Alawi, Adel Ismail, Alsaad, Abdulla Jalal, AlAlawi, Ebtesam Ismaeel, Naser Al-Hadad, Ahmed Abdulla.  2021.  The Analysis of Human Attitude toward Cybersecurity Information Sharing. 2021 International Conference on Decision Aid Sciences and Application (DASA). :947–956.
Over the years, human errors have been identified as one of the most critical factors impacting cybersecurity in an organization that has had a substantial impact. The research uses recent articles published on human resources and information cybersecurity. This research focuses on the vulnerabilities and the best solution to mitigate these threats based on literature review methodology. The study also focuses on identifying the human attitude and behavior towards cybersecurity and how that would impact the organization's financial impact. With the help of the Two-factor Taxonomy of the security behavior model developed in past research, the research aims to identify the best practices and compare the best practices with that of the attitude-behavior found and matched to the model. Finally, the study would compare the difference between best practices and the current practices from the model. This would help provide the organization with specific recommendations that would help change their attitude and behavior towards cybersecurity and ensure the organization is not fearful of the cyber threat of human error threat.
2022-07-12
Kanca, Ali Melih, Sagiroglu, Seref.  2021.  Sharing Cyber Threat Intelligence and Collaboration. 2021 International Conference on Information Security and Cryptology (ISCTURKEY). :167—172.
With the developing technology, cyber threats are developing rapidly, and the motivations and targets of cyber attackers are changing. In order to combat these threats, cyber threat information that provides information about the threats and the characteristics of the attackers is needed. In addition, it is of great importance to cooperate with other stakeholders and share experiences so that more information about threat information can be obtained and necessary measures can be taken quickly. In this context, in this study, it is stated that the establishment of a cooperation mechanism in which cyber threat information is shared will contribute to the cyber security capacity of organizations. And using the Zack Information Gap analysis, the deficiency of organizations in sharing threat information were determined and suggestions were presented. In addition, there are cooperation mechanisms in the USA and the EU where cyber threat information is shared, and it has been evaluated that it would be beneficial to establish a similar mechanism in our country. Thus, it is evaluated that advanced or unpredictable cyber threats can be detected, the cyber security capacities of all stakeholders will increase and a safer cyber ecosystem will be created. In addition, it is possible to collect, store, distribute and share information about the analysis of cyber incidents and malware analysis, to improve existing cyber security products or to encourage new product development, by carrying out joint R&D studies among the stakeholders to ensure that domestic and national cyber security products can be developed. It is predicted that new analysis methods can be developed by using technologies such as artificial intelligence and machine learning.
2022-04-18
Li, Shuai, Dang, Fangfang, Yang, Ying, Liu, Han, Song, Yifan.  2021.  Research on Computer Network Security Protection System Based on Level Protection in Cloud Computing Environment. 2021 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA). :428–431.
With the development of cloud computing technology, cloud services have been used by more and more traditional applications and products because of their unique advantages such as virtualization, high scalability and universality. In the cloud computing environment, computer networks often encounter security problems such as external attacks, hidden dangers in the network and hidden dangers in information sharing. The network security level protection system is the basic system of national network security work, which is the fundamental guarantee for promoting the healthy development of informatization and safeguarding national security, social order and public interests. This paper studies cloud computing security from the perspective of level protection, combining with the characteristics of cloud computing security. This scheme is not only an extension of information system level protection, but also a study of cloud computing security, aiming at cloud computing security control from the perspective of level protection.
2022-04-12
Yucel, Cagatay, Chalkias, Ioannis, Mallis, Dimitrios, Cetinkaya, Deniz, Henriksen-Bulmer, Jane, Cooper, Alice.  2021.  Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :343—347.
The recent technological advances and changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not have access to this information. This paper presents the design and development of a data sanitisation and redaction solution for a Cyber Threat Intelligence sharing platform. The Data Sanitisation and Redaction Plugin has been designed with the purpose of operating as a plugin for the ECHO Project’s Early Warning System platform and enhancing its operative capabilities during information sharing. This plugin aims to provide automated security and privacy-based controls to the concept of CTI sharing over a ticketing system. The plugin has been successfully tested and the results are presented in this paper.
2022-04-01
Ali, Hisham, Papadopoulos, Pavlos, Ahmad, Jawad, Pitropakis, Nikolaos, Jaroucheh, Zakwan, Buchanan, William J..  2021.  Privacy-preserving and Trusted Threat Intelligence Sharing using Distributed Ledgers. 2021 14th International Conference on Security of Information and Networks (SIN). 1:1—6.
Threat information sharing is considered as one of the proactive defensive approaches for enhancing the over-all security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack—the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT&CK framework.
2022-03-01
Maria Stephen, Steffie, Jaekel, Arunita.  2021.  Blockchain Based Vehicle Authentication Scheme for Vehicular Ad-hoc Networks. 2021 IEEE Intelligent Vehicles Symposium Workshops (IV Workshops). :1–6.
Vehicular Ad Hoc Network (VANET) is a pervasive network, where vehicles communicate with nearby vehicles and infrastructure nodes, such as Road-side unit (RSU). Information sharing among vehicles is an essential component of an intelligent transportation system (ITS), but security and privacy concerns must be taken into consideration. Security of the network can be improved by granting access only to authenticated vehicles and restricting or revoking access for vehicles involved in misbehavior. In this paper, we present a novel blockchain based approach to authenticate vehicles and notify other vehicles about any unauthorized messages in real time. This helps protect other vehicles in the network from making critical decisions based on false or inaccurate information. In the proposed architecture, vehicles communicate with each other using pseudonyms or pseudo IDs and the Blockchain is used to securely maintain the real identity of all vehicles, which can be linked to the pseudo IDs if needed. The goal is to protect privacy or individual vehicles, while still ensuring accountability in case of misbehavior. The performance of the proposed approach is evaluated for different vehicle and attacker densities, and results demonstrate it has lower authentication delay and communication overhead compared to existing approaches.
2022-02-04
Zadsar, Masoud, Abazari, Ahmadreza, Ansari, Mostafa, Ghafouri, Mohsen, Muyeen, S. M., Blaabjerg, Frede.  2021.  Central Situational Awareness System for Resiliency Enhancement of Integrated Energy Systems. 2021 IEEE 4th International Conference on Computing, Power and Communication Technologies (GUCON). :1–6.
In integrated gas and electricity energy systems, a catastrophic outage in one system could propagate to other, resulting in severe service interruption like what happened in 2021 Texas Blackout. To alleviate detrimental effects of these events, a coordinated effort must be adopted between integrated energy systems. In this paper, a central situational awareness system (CSAS) is developed to improve the coordination of operational resiliency measures by facilitating information sharing between power distribution systems (PDSs) and natural gas networks (NGNs) during emergency conditions. The CSAS collects operational data of the PDS and the NGN as well as data of upcoming weather condition, extracts the most vulnerable lines and pipelines, and accordingly obtains emergency actions. The emergency actions, i.e., optimal multi-microgrid formation, scheduling of distribution energy resources (DERs), and optimal electrical and gas load shedding plan, are optimized through a coupled graph-based approach with stochastic mixed integer linear programming (MILP) model. In the proposed model, uncertainties of renewable energy resources (RESs) is also considered. Numerical results on an integrated IEEE 33-bus and 30-node NGNs demonstrate the effectiveness of proposed CSAS.
2022-01-10
Maabane, Jubilant Swelihle, Heymann, Reolyn.  2021.  An Information Theoretic Approach to Assist in Identifying Counterfeit Consumer Goods. 2021 IEEE AFRICON. :1–6.
In an increasingly connected world where products are just a click away, there is a growing need for systems that seek to equip consumers with the necessary tools to identify misrepresented products. Sub-standard ingredients used in the production of sanitary towels can pose a serious health risk to the consumer. Informal retailers or Spaza-shops have been accused of selling counterfeit food products to unsuspecting consumers. In this paper, we propose a system that can be used by consumers to scan a quick response (QR) code printed on the product. Built into an android application, is a system that applies the RSA public key encryption algorithm to secure the data prior to encoding into the QR code. The proposed system is also responsible for updating location data of previous scans on a dedicated cloud database. Upon completion of a field test, having collected months of consumer data, counterfeit prediction can be improved. In addition, a timely warning can be sent to a customer and relevant authorities if a unique product batch number is scanned outside of an expected area.
2021-11-29
Imanimehr, Fatemeh, Gharaee, Hossein, Enayati, Alireza.  2020.  An Architecture for National Information Sharing and Alerting System. 2020 10th International Symposium onTelecommunications (IST). :217–221.
Protecting critical infrastructure from cyber threats is one of the most important obligations of governments to ensure the national and social security of the society. Developing national cyber situational awareness platform provides a protection of critical infrastructures. In such a way, each infrastructure, independently, generates its own situational awareness and shares it with other infrastructures through a national sharing and alerting center. The national information sharing and alerting center collects cyber information of infrastructures and draws a picture of national situational awareness by examining the potential effects of received threats on other infrastructures and predicting the national cyber status in near future. This paper represents the conceptual architecture for such national sharing system and suggests some brief description of its implementation.
2021-07-07
Kanwal, Nadia, Asghar, Mamoona Naveed, Samar Ansari, Mohammad, Lee, Brian, Fleury, Martin, Herbst, Marco, Qiao, Yuansong.  2020.  Chain-of-Evidence in Secured Surveillance Videos using Steganography and Hashing. 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :257–264.
Video sharing from closed-circuit television video recording or in social media interaction requires self-authentication for responsible and reliable data sharing. Similarly, surveillance video recording is a powerful method of deterring unlawful activities. A Solution-by-Design can be helpful in terms of making a captured video immutable, as such recordings cannot become a piece of evidence until proven to be unaltered. This paper presents a computationally inexpensive method of preserving a chain-of-evidence in surveillance videos using steganography and hashing. The method conforms to the data protection regulations which are increasingly adopted by governments, and is applicable to network edge storage. Security credentials are stored in a hardware wallet independently of the video capture device itself, while evidential information is stored within video frames themselves, independently of the content. The proposed method has turned out to not only preserve the integrity of the stored video data but also results in very limited degradation of the video data due to steganography. Despite the presence of steganographic information, video frames are still available for common image processing tasks such as tracking and classification.
2021-03-17
Lee, Y., Woo, S., Song, Y., Lee, J., Lee, D. H..  2020.  Practical Vulnerability-Information-Sharing Architecture for Automotive Security-Risk Analysis. IEEE Access. 8:120009—120018.
Emerging trends that are shaping the future of the automotive industry include electrification, autonomous driving, sharing, and connectivity, and these trends keep changing annually. Thus, the automotive industry is shifting from mechanical devices to electronic control devices, and is not moving to Internet of Things devices connected to 5G networks. Owing to the convergence of automobile-information and communication technology (ICT), the safety and convenience features of automobiles have improved significantly. However, cyberattacks that occur in the existing ICT environment and can occur in the upcoming 5G network are being replicated in the automobile environment. In a hyper-connected society where 5G networks are commercially available, automotive security is extremely important, as vehicles become the center of vehicle to everything (V2X) communication connected to everything around them. Designing, developing, and deploying information security techniques for vehicles require a systematic security-risk-assessment and management process throughout the vehicle's lifecycle. To do this, a security risk analysis (SRA) must be performed, which requires an analysis of cyber threats on automotive vehicles. In this study, we introduce a cyber kill chain-based cyberattack analysis method to create a formal vulnerability-analysis system. We can also analyze car-hacking studies that were conducted on real cars to identify the characteristics of the attack stages of existing car-hacking techniques and propose the minimum but essential measures for defense. Finally, we propose an automotive common-vulnerabilities-and-exposure system to manage and share evolving vehicle-related cyberattacks, threats, and vulnerabilities.
2020-11-02
Singh, Dhananjay, Tripathi, Gaurav, Shah, Sayed Chhattan, da Rosa Righi, Rodrigo.  2018.  Cyber physical surveillance system for Internet of Vehicles. 2018 IEEE 4th World Forum on Internet of Things (WF-IoT). :546—551.

Internet of Vehicle (IoV) is an essential part of the Intelligent Transportation system (ITS) which is growing exponentially in the automotive industry domain. The term IoV is used in this paper for Internet of Vehicles. IoV is conceptualized for sharing traffic, safety and several other vehicle-related information between vehicles and end user. In recent years, the number of connected vehicles has increased allover the world. Having information sharing and connectivity as its advantage, IoV also faces the challenging task in the cybersecurity-related matters. The future consists of crowded places in an interconnected world through wearable's, sensors, smart phones etc. We are converging towards IoV technology and interactions with crowded space of connected peoples. However, this convergence demands high-security mechanism from the connected crowd as-well-as other connected vehicles to safeguard of proposed IoV system. In this paper, we coin the term of smart people crowd (SPC) and the smart vehicular crowd (SVC) for the Internet of Vehicles (IoV). These specific crowds of SPC and SVC are the potential cyber attackers of the smart IoV. People connected to the internet in the crowded place are known as a smart crowd. They have interfacing devices with sensors and the environment. A smart crowd would also consist of the random number of smart vehicles. With the future converging in to the smart connected framework for crowds, vehicles and connected vehicles, we present a novel cyber-physical surveillance system (CPSS) framework to tackle the security threats in the crowded environment for the smart automotive industry and provide the cyber security mechanism in the crowded places. We also describe an overview of use cases and their security challenges on the Internet of Vehicles.

2020-10-19
Sharma, Sachin, Ghanshala, Kamal Kumar, Mohan, Seshadri.  2019.  Blockchain-Based Internet of Vehicles (IoV): An Efficient Secure Ad Hoc Vehicular Networking Architecture. 2019 IEEE 2nd 5G World Forum (5GWF). :452–457.
With the transformation of connected vehicles into the Internet of Vehicles (IoV), the time is now ripe for paving the way for the next generation of connected vehicles with novel applications and innovative security measures. The connected vehicles are experiencing prenominal growth in the auto industry, but are still studded with many security and privacy vulnerabilities. Today's IoV applications are part of cyber physical communication systems that collect useful information from thousands of smart sensors associated with the connected vehicles. The technology advancement has paved the way for connected vehicles to share significant information among drivers, auto manufacturers, auto insurance companies and operational and maintenance service providers for various applications. The critical issues in engineering the IoV applications are effective to use of the available spectrum and effective allocation of good channels an opportunistic manner to establish connectivity among vehicles, and the effective utilization of the infrastructure under various traffic conditions. Security and privacy in information sharing are the main concerns in a connected vehicle communication network. Blockchain technology facilitates secured communication among users in a connected vehicles network. Originally, blockchain technology was developed and employed with the cryptocurrency. Bitcoin, to provide increased trust, reliability, and security among users based on peer-to-peer networks for transaction sharing. In this paper, we propose to integrate blockchain technology into ad hoc vehicular networking so that the vehicles can share network resources with increased trust, reliability, and security using distributed access control system and can benefit a wider scope of scalable IoV applications scenarios for decision making. The proposed architecture is the faithful environment for information sharing among connected vehicles. Blockchain technology allows multiple copies of data storage at the distribution cloud. Distributed access control system is significantly more secure than a traditional centralized system. This paper also describes how important of ad hoc vehicular networking in human life, possibilities in real-world implementation and its future trends. The ad hoc vehicular networking may become one of the most trendy networking concepts in the future that has the perspective to bring out much ease human beneficial and secured applications.
2020-10-16
Liu, Liping, Piao, Chunhui, Jiang, Xuehong, Zheng, Lijuan.  2018.  Research on Governmental Data Sharing Based on Local Differential Privacy Approach. 2018 IEEE 15th International Conference on e-Business Engineering (ICEBE). :39—45.

With the construction and implementation of the government information resources sharing mechanism, the protection of citizens' privacy has become a vital issue for government departments and the public. This paper discusses the risk of citizens' privacy disclosure related to data sharing among government departments, and analyzes the current major privacy protection models for data sharing. Aiming at the issues of low efficiency and low reliability in existing e-government applications, a statistical data sharing framework among governmental departments based on local differential privacy and blockchain is established, and its applicability and advantages are illustrated through example analysis. The characteristics of the private blockchain enhance the security, credibility and responsiveness of information sharing between departments. Local differential privacy provides better usability and security for sharing statistics. It not only keeps statistics available, but also protects the privacy of citizens.

2020-09-04
Zheng, Shengbao, Zhou, Zhenyu, Tang, Heyi, Yang, Xiaowei.  2019.  SwitchMan: An Easy-to-Use Approach to Secure User Input and Output. 2019 IEEE Security and Privacy Workshops (SPW). :105—113.

Modern operating systems for personal computers (including Linux, MAC, and Windows) provide user-level APIs for an application to access the I/O paths of another application. This design facilitates information sharing between applications, enabling applications such as screenshots. However, it also enables user-level malware to log a user's keystrokes or scrape a user's screen output. In this work, we explore a design called SwitchMan to protect a user's I/O paths against user-level malware attacks. SwitchMan assigns each user with two accounts: a regular one for normal operations and a protected one for inputting and outputting sensitive data. Each user account runs under a separate virtual terminal. Malware running under a user's regular account cannot access sensitive input/output under a user's protected account. At the heart of SwitchMan lies a secure protocol that enables automatic account switching when an application requires sensitive input/output from a user. Our performance evaluation shows that SwitchMan adds acceptable performance overhead. Our security and usability analysis suggests that SwitchMan achieves a better tradeoff between security and usability than existing solutions.

2020-06-01
Mohd Ariffin, Noor Afiza, Mohd Sani, Noor Fazlida.  2018.  A Multi-factor Biometric Authentication Scheme Using Attack Recognition and Key Generator Technique for Security Vulnerabilities to Withstand Attacks. 2018 IEEE Conference on Application, Information and Network Security (AINS). :43–48.
Security plays an important role in many authentication applications. Modern era information sharing is boundless and becoming much easier to access with the introduction of the Internet and the World Wide Web. Although this can be considered as a good point, issues such as privacy and data integrity arise due to the lack of control and authority. For this reason, the concept of data security was introduced. Data security can be categorized into two which are secrecy and authentication. In particular, this research was focused on the authentication of data security. There have been substantial research which discusses on multi-factor authentication scheme but most of those research do not entirely protect data against all types of attacks. Most current research only focuses on improving the security part of authentication while neglecting other important parts such as the accuracy and efficiency of the system. Current multifactor authentication schemes were simply not designed to have security, accuracy, and efficiency as their main focus. To overcome the above issue, this research will propose a new multi-factor authentication scheme which is capable to withstand external attacks which are known security vulnerabilities and attacks which are based on user behavior. On the other hand, the proposed scheme still needs to maintain an optimum level of accuracy and efficiency. From the result of the experiments, the proposed scheme was proven to be able to withstand the attacks. This is due to the implementation of the attack recognition and key generator technique together with the use of multi-factor in the proposed scheme.
2020-04-03
Sadique, Farhan, Bakhshaliyev, Khalid, Springer, Jeff, Sengupta, Shamik.  2019.  A System Architecture of Cybersecurity Information Exchange with Privacy (CYBEX-P). 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0493—0498.
Rapid evolution of cyber threats and recent trends in the increasing number of cyber-attacks call for adopting robust and agile cybersecurity techniques. Cybersecurity information sharing is expected to play an effective role in detecting and defending against new attacks. However, reservations and or-ganizational policies centering the privacy of shared data have become major setbacks in large-scale collaboration in cyber defense. The situation is worsened by the fact that the benefits of cyber-information exchange are not realized unless many actors participate. In this paper, we argue that privacy preservation of shared threat data will motivate entities to share threat data. Accordingly, we propose a framework called CYBersecurity information EXchange with Privacy (CYBEX-P) to achieve this. CYBEX-P is a structured information sharing platform with integrating privacy-preserving mechanisms. We propose a complete system architecture for CYBEX-P that guarantees maximum security and privacy of data. CYBEX-P outlines the details of a cybersecurity information sharing platform. The adoption of blind processing, privacy preservation, and trusted computing paradigms make CYBEX-P a versatile and secure information exchange platform.
2020-03-18
Uthayashangar, S., Dhamini, P., Mahalakshmi, M., Mangayarkarasi, V..  2019.  Efficient Group Data Sharing In Cloud Environment Using Honey Encryption. 2019 IEEE International Conference on System, Computation, Automation and Networking (ICSCAN). :1–3.
Cloud computing is a rapid growing advanced technology which is Internet based, providing various ways for storage, resource sharing, and various features. It has brought a new way to securely store and share information and data with multiple users and groups. The cloud environment deals with many problems, and one of the most important problems in recent days is the security issues. Sharing the data in a group, in cloud conditions has turned into a blazing theme in up and coming decades. Thus the blasting interest in cloud computing, ways and measures to accomplish secure and effective information and data sharing in the cloud is a flourishing point to be engaged. In this way, the venture centers around empowering information sharing and capacity for a similar gathering inside the cloud with high security and intensity. Therefore, Honey Encryption and Advanced Encryption Standard is used for providing security for the data shared within the group by the crew members in cloud environment. In addition, an access key is provided by the Group Manager to enable access to the documents and files stored in cloud by the users for specific time period.
2019-04-05
Ardi, Calvin, Heidemann, John.  2018.  Leveraging Controlled Information Sharing for Botnet Activity Detection. Proceedings of the 2018 Workshop on Traffic Measurements for Cybersecurity. :14-20.

Today's malware often relies on DNS to enable communication with command-and-control (C&C). As defenses that block C&C traffic improve, malware use sophisticated techniques to hide this traffic, including "fast flux" names and Domain-Generation Algorithms (DGAs). Detecting this kind of activity requires analysis of DNS queries in network traffic, yet these signals are sparse. As bot countermeasures grow in sophistication, detecting these signals increasingly requires the synthesis of information from multiple sites. Yet sharing security information across organizational boundaries to date has been infrequent and ad hoc because of unknown risks and uncertain benefits. In this paper, we take steps towards formalizing cross-site information sharing and quantifying the benefits of data sharing. We use a case study on DGA-based botnet detection to evaluate how sharing cybersecurity data can improve detection sensitivity and allow the discovery of malicious activity with greater precision.

2019-03-28
Schroeder, Jill M., Manz, David O., Amaya, Jodi P., McMakin, Andrea H., Bays, Ryan M..  2018.  Understanding Past, Current and Future Communication and Situational Awareness Technologies for First Responders. Proceedings of the Fifth Cybersecurity Symposium. :2:1-2:14.
This study builds a foundation for improving research for first responder communication and situational awareness technology in the future. In an online survey, we elicited the opinions of 250 U.S. first responders about effectiveness, security, and reliability of past, current, and future Internet of Things technology. The most desired features respondents identified were connectivity, reliability, interoperability, and affordability. The top barriers to technology adoption and use included restricted budgets/costs, interoperability, insufficient training resources, and insufficient interagency collaboration and communication. First responders in all job types indicated that technology has made first responder equipment more useful, and technology that supports situational awareness is particularly valued. As such, future Internet of Things capabilities, such as tapping into smart device data in residences and piggybacking onto alternative communication channels, could be valuable for future first responders. Potential areas for future investigation are suggested for technology development and research.
2018-11-14
Alagar, V., Alsaig, A., Ormandjiva, O., Wan, K..  2018.  Context-Based Security and Privacy for Healthcare IoT. 2018 IEEE International Conference on Smart Internet of Things (SmartIoT). :122–128.

Healthcare Internet of Things (HIoT) is transforming healthcare industry by providing large scale connectivity for medical devices, patients, physicians, clinical and nursing staff who use them and facilitate real-time monitoring based on the information gathered from the connected things. Heterogeneity and vastness of this network provide both opportunity and challenges for information collection and sharing. Patient-centric information such as health status and medical devices used by them must be protected to respect their safety and privacy, while healthcare knowledge should be shared in confidence by experts for healthcare innovation and timely treatment of patients. In this paper an overview of HIoT is given, emphasizing its characteristics to those of Big Data, and a security and privacy architecture is proposed for it. Context-sensitive role-based access control scheme is discussed to ensure that HIoT is reliable, provides data privacy, and achieves regulatory compliance.