Biblio

Emerging hardware architectures for Deep Neural Networks (DNNs) are being commercialized and considered as the hardware- level Intellectual Property (IP) of the device providers. However, these intelligent devices might be abused and such vulnerability has not been identified. The unregulated usage of intelligent platforms and the lack of hardware-bounded IP protection impair the commercial advantage of the device provider and prohibit reliable technology transfer. Our goal is to design a systematic methodology that provides hardware-level IP protection and usage control for DNN applications on various platforms. To address the IP concern, we present DeepAttest, the first on-device DNN attestation method that certifies the legitimacy of the DNN program mapped to the device. DeepAttest works by designing a device-specific fingerprint which is encoded in the weights of the DNN deployed on the target platform. The embedded fingerprint (FP) is later extracted with the support of the Trusted Execution Environment (TEE). The existence of the pre-defined FP is used as the attestation criterion to determine whether the queried DNN is authenticated. Our attestation framework ensures that only authorized DNN programs yield the matching FP and are allowed for inference on the target device. DeepAttest provisions the device provider with a practical solution to limit the application usage of her manufactured hardware and prevents unauthorized or tampered DNNs from execution. We take an Algorithm/Software/Hardware co-design approach to optimize DeepAttest's overhead in terms of latency and energy consumption. To facilitate the deployment, we provide a high-level API of DeepAttest that can be seamlessly integrated into existing deep learning frameworks and TEEs for hardware-level IP protection and usage control. Extensive experiments corroborate the fidelity, reliability, security, and efficiency of DeepAttest on various DNN benchmarks and TEE-supported platforms.

In this paper, we propose a conditional privacy-preserving authentication scheme based on pseudonyms and (t,n) threshold secret sharing, named CPPT, for vehicular communications. To achieve conditional privacy preservation, our scheme implements anonymous communications based on pseudonyms generated by hash chains. To prevent bad vehicles from conducting framed attacks on honest ones, CPPT introduces Shamir (t,n) threshold secret sharing technique. In addition, through two one-way hash chains, forward security and backward security are guaranteed, and it also optimize the revocation overhead. The size of certificate revocation list (CRL) is only proportional to the number of revoked vehicles and irrelated to how many pseudonymous certificates are held by the revoked vehicles. Extensive simulations demonstrate that CPPT outperforms ECPP, DCS, Hybrid and EMAP schemes in terms of revocation overhead, certificate updating overhead and authentication overhead.

We explore how to build a blind certificate authority (CA). Unlike conventional CAs, which learn the exact identity of those registering a public key, a blind CA can simultaneously validate an identity and provide a certificate binding a public key to it, without ever learning the identity. Blind CAs would therefore allow bootstrapping truly anonymous systems in which no party ever learns who participates. In this work we focus on constructing blind CAs that can bind an email address to a public key. To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain a X.509 certificate binding her email address alice@domain.com to a public key of her choosing without ever revealing “alice” to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.

With the rapid development of micro-electronics and Information and Communication Technology (ICT), users can utilize various service such as Internet of Things(IoT), smart-healthcare and smart-home using wearable devices. However, the sensitive information of user are revealed by attackers because the medical services are provided through open channel. Therefore, secure mutual authentication and key establishment are essential to provide secure services for legitimate users in Wireless Body Area Networks(WBAN). In 2019, Gupta et al. proposed a lightweight anonymous user authentication and key establishment scheme for wearable devices. We demonstrate that their scheme cannot withstand user impersonation, session key disclosure and wearable device stolen attacks. We also propose a secure and lightweight mutual authentication and key establishment scheme using wearable devices to resolve the security shortcomings of Gupta et al.'s scheme. The proposed scheme can be suitable to resource-limited environments.

As the technological progress of mobile Internet, smartphone based on Android OS accounts for the vast majority of market share. The traditional encryption technology cannot resolve the dilemma in smartphone information leakage, and the Android-based authentication system in view of biometric recognition emerge to offer more reliable information assurance. In this paper, we summarize several biometrics providing their attributes. Furthermore, we also review the algorithmic framework and performance index acting on authentication techniques. Thus, typical identity authentication systems including their experimental results are concluded and analyzed in the survey. The article is written with an intention to provide an in-depth overview of Android-based biometric verification systems to the readers.

Vehicle ad-hoc network (VANET) is the main driving force to alleviate traffic congestion and accelerate the construction of intelligent transportation. However, the rapid growth of the number of vehicles makes the construction of the safety system of the vehicle network facing multiple tests. This paper proposes an identity-based aggregate signature scheme to protect the privacy of vehicle identity, receive messages in time and authenticate quickly in VANET. The scheme uses aggregate signature algorithm to aggregate the signatures of multiple users into one signature, and joins the idea of batch authentication to complete the authentication of multiple vehicular units, thereby improving the verification efficiency. In addition, the pseudoidentity of vehicles is used to achieve the purpose of vehicle anonymity and privacy protection. Finally, the secure storage of message signatures is effectively realized by using reliable cloud storage technology. Compared with similar schemes, this paper improves authentication efficiency while ensuring security, and has lower storage overhead.

Voice user interfaces have increased in popularity, as they enable natural interaction with different applications using one's voice. To improve their usability and audio quality, several devices could interact to provide a unified voice user interface. However, with devices cooperating and sharing voice-related information, user privacy may be at risk. Therefore, access management rules that preserve user privacy are important. State-of-the-art methods for acoustic pairing of devices provide fingerprinting based on the time-frequency representation of the acoustic signal and error-correction. We propose to use such acoustic fingerprinting to authorise devices which are acoustically close. We aim to obtain fingerprints of ambient audio adapted to the requirements of voice user interfaces. Our experiments show that the responsiveness and robustness is improved by combining overlapping windows and decorrelating transforms.

A trademark may be a word, phrase, symbol, sound, color, scent or design, or combination of these, that identifies and distinguishes the products or services of a particular source from those of others. Obtaining a trademark is a complex, time intensive and costly process that involves varied steps before the trademark can be registered including searching prior trademarks, filing of the trademark application, review of the trademark application and final publication for opposition by the public. Currently, the process of trademark registration, renewal and validation faces numerous challenges such as the requirement for registration in different jurisdictions, maintenance of centralized databases in different jurisdictions, proving the authenticity of the physical trademark documents, identifying the violation and abuse of the intellectual property etc. to name a few. Recently, blockchain technology has shown great potential in a variety of industries such as finance, education, energy and resource management, healthcare, due to its decentralization and non-tampering features. Furthermore, in the recent years, smart contracts have attracted increased attention due to the popularity of blockchains. In this study, we have utilized Hyperledger fabric as the permissioned blockchain framework along with smart contracts to provide solution to the financial, procedural, enforcement and protection related challenges of the current trademark system. Our blockchain based application seeks to provide a secure, decentralized, immutable trademark system that can be utilized by the intellectual property organizations across different jurisdictions for easily and effectively registering, renewing, validating and distributing digital trademark certificates.

Internet of things era grown very rapidly in Industrial Revolution 4.0, there are many researchers use the Wireless Sensor Network (WSN) technology to obtain the data for environmental monitoring. The data obtained from WSN will be sent to the Data Center, where users can view and collect all of data from the Data Center using end devices such as personal computer, laptop, and mobile phone. The Data Center would be very dangerous, because everyone can intercept, track and even modify the data. Security requirement to ensure the confidentiality all of stored data in the data center and give the authenticity in data has not changed during the collection process. Ciphertext Policy Attribute-Based Encryption (CP-ABE) can become a solution to secure the confidentiality for all of data. Only users with appropriate rule of policy can get the original data. To guarantee there is no changes during the collection process of the data then require the time stamp digital signature for securing the data integrity. To protect the confidentiality and data integrity, we propose a security mechanism using CP-ABE with user revocation and Time Stamp Digital Signature using Elliptic Curve Cryptography (ECC) 384 bits. Our system can do the revocation for the users who did the illegal access. Our system is not only securing the data but also providing the guarantee that is no changes during the collection process of the data from the Data Center.

In a computer world, to identify anyone by doing a job or to authenticate by checking their identification and give access to computer. Access Control model comes in to picture when require to grant the permissions to individual and complete the duties. The access control models cannot give complete security when dealing with cloud computing area, where access control model failed to handle the attributes which are requisite to inhibit access based on time and location. When the data outsourced in the cloud, the information holders expect the security and confidentiality for their outsourced data. The data will be encrypted before outsourcing on cloud, still they want control on data in cloud server, where simple encryption is not a complete solution. To irradiate these issues, unlike access control models proposed Attribute Based Encryption standards (ABE). In ABE schemes there are different types like Key Policy-ABE (KP-ABE), Cipher Text-ABE (CP-ABE) and so on. The proposed method applied the access control policy of CP-ABE with Advanced Encryption Standard and used elliptic curve for key generation by using multi stage encryption which divides the users into two domains, public and private domains and shuffling the data base records to protect from inference attacks.

Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology that provides fine-grained access control as well as data confidentiality. It enables one sender to encrypt the data for more receivers, and to specify a policy on who can decrypt the ciphertext using his/her attributes alone. However, most existing ABE schemes are constructed on bilinear maps and they cannot resist quantum attacks. In this paper, we propose a multi-authority CP-ABE (MA-CPABE) scheme on ideal lattices which is still secure in post-quantum era. On one hand, multiple attribute authorities are required when user's attributes cannot be managed by a central authority. On the other hand, compared with generic lattice, the ideal lattice has extra algebraic structure and can be used to construct more efficient cryptographic applications. By adding some virtual attributes for each authority, our scheme can support flexible threshold access policy. Security analysis shows that the proposed scheme is secure against chosen plaintext attack (CPA) in the standard model under the ring learning with errors (R-LWE) assumption.

Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.

Smart grid systems data has been exposed to several threats and attacks from different perspectives and have resulted in several system failures. Obtaining security of data and key exposure and enhancing system ability in data collection and transmission process are challenging, on the grounds smart grid data is sensitive and enormous sum. In this paper we introduce smart grid data security method along with advanced Cipher text policy attribute based encryption (CP-ABE). Cloud supported IoT is widely used in smart grid systems. Smart IoT devices collect data and perform status management. Data obtained from the IOT devices will be divided into blocks and encrypted data will be stored in different cloud server with different encrypted keys even when one cloud server is assaulted and encrypted key is exposed data cannot be decrypted, thereby the transmission and encryption process are done in correspondingly. We protect access-tree structure information even after the data is shared to user by solving revocation problem in which cloud will inform data owner to revoke and update encryption key after user has downloaded the data, which preserves the data privacy from unauthorized users. The analysis of the system concludes that our proposed system can meet the security requirements in smart grid systems along with cloud-Internet of things.

In this paper, we propose an access control model featured with the efficient key update function in data outsourcing environment. Our access control is based on the combination of Ciphertext Policy - Attribute-based Encryption (CP-ABE) and Role-based Access Control (RBAC). The proposed scheme aims to improve the attribute and key update management of the original CP-ABE. In our scheme, a user's key is incorporated into the attribute certificate (AC) which will be used to decrypt the ciphertext encrypted with CP-ABE policy. If there is any change (update or revoke) of the attributes appearing in the key, the key in the AC will be updated upon the access request. This significantly reduces the overheads in updating and distributing keys of all users simultaneously compared to the existing CP-ABE based schemes. Finally, we conduct the experiment to evaluate the performance of our proposed scheme to show the efficiency of our proposed scheme.

Cloud offers flexible and cost effective storage for big data but the major challenge is access control of big data processing. CP-ABE is a desirable solution for data access control in cloud. However, in CP-ABE the access policy may leak user's private information. To address this issue, Hidden Policy CP-ABE schemes proposed but those schemes still causing data leakage problem because the access policies are partially hidden and create more computational cost. In this paper, we propose a New Hidden Policy Ciphertext Policy Attribute Based Encryption (HP-CP-ABE) to ensure Big Data Access Control with Privacy-preserving Policy in Cloud. In proposed method, we used Multi Secret Sharing Scheme(MSSS) to reduce the computational overhead, while encryption and decryption process. We also applied mask technique on each attribute in access policy and embed the access policy in ciphertext, to protect user's private information from access policy. The security analysis shows that HP-CP-ABE is more secure and preserve the access policy privacy. Performance evaluation shows that our schemes takes less computational cost than existing scheme.

Cloud computing has a major role in the development of commercial systems. It enables companies like Microsoft, Amazon, IBM and Google to deliver their services on a large scale to its users. A cloud service provider manages cloud computing based services and applications. For any organization a cloud service provider (CSP) is an entity which works within it. So it suffers from vulnerabilities associated with organization, including internal and external attacks. So its challenge to organization to secure a cloud service provider while providing quality of service. Attribute based encryption can be used to provide data security with Key policy attribute based encryption (KP-ABE) or ciphertext policy attribute based encryption (CP-ABE). But these schemes has lack of scalability and flexibility. Hierarchical CP-ABE scheme is proposed here to provide fine grained access control. Data security is achieved using encryption, authentication and authorization mechanisms. Attribute key generation is proposed for implementing authorization of users. The proposed system is prevented by SQL Injection attack.

Aiming at the increasing popularity of mobile terminals, a CP-ABE scheme adapted to lightweight decryption at the mobile end is proposed. The scheme has the function of supporting timely attributes revocation and policy hiding. Firstly, we will introduce the related knowledge of attribute base encryption. After that, we will give a specific CP-ABE solution. Finally, in the part of the algorithm analysis, we will give analysis performance and related security, and compare this algorithm with other algorithms.

Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data is also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user's private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrates that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with a AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.

Platoon is one of cooperative driving applications where a set of vehicles can collaboratively sense each other for driving safety and traffic efficiency. However, platoon without security insurance makes the cooperative vehicles vulnerable to cyber-attacks, which may cause life-threatening accidents. In this paper, we introduce malicious attacks in platoon maneuvers. To defend against these attacks, we propose a Cyphertext-Policy Attribute-Based Encryption (CP-ABE) based Platoon Secure Sensing scheme, named CPSS. In the CPSS, platoon key is encapsulated in the access control structure in the key distribution process, so that interference messages sending by attackers without the platoon key could be ignored. Therefore, the sensing data which contains speed and position information can be protected. In this way, speed and distance fluctuations caused by attacks can be mitigated even eliminated thereby avoiding the collisions and ensuring the overall platoon stability. Time complexity analysis shows that the CPSS is more efficient than that of the polynomial time solutions. Finally, to evaluate capabilities of the CPSS, we integrate a LTE-V2X with platoon maneuvers based on Veins platform. The evaluation results show that the CPSS outperforms the baseline algorithm by 25% in terms of distance variations.

Most searchable attribute-based encryption schemes only support the search for single-keyword without attribute revocation, the data user cannot quickly detect the validity of the ciphertext returned by the cloud service provider. Therefore, this paper proposes an authorization of searchable CP-ABE scheme with attribute revocation and applies the scheme to the cloud computing environment. The data user to send the authorization information to the authorization server for authorization, assists the data user to effectively detect the ciphertext information returned by the cloud service provider while supporting the revocation of the user attribute in a fine-grained access control structure without updating the key during revocation stage. In the random oracle model based on the calculation of Diffie-Hellman problem, it is proved that the scheme can satisfy the indistinguishability of ciphertext and search trapdoor. Finally, the performance analysis shows that the scheme has higher computational efficiency.

Ciphertext storage can effectively solve the security problems in cloud storage, among which the ciphertext policy attribute-based encryption (CP-ABE) is more suitable for ciphertext access control in cloud storage environment for it can achieve one-to-many ciphertext sharing. The existing attribute encryption scheme CP-ABE has problems with revocation such as coarse granularity, untimeliness, and low efficiency, which cannot meet the demands of cloud storage. This paper proposes an RCP-ABE scheme that supports real-time revocable fine-grained attributes for the existing attribute revocable scheme, the scheme of this paper adopts the version control technology to realize the instant revocation of the attributes. In the key update mechanism, the subset coverage technology is used to update the key, which reduces the workload of the authority. The experimental analysis shows that RCP-ABE is more efficient than other schemes.

For future Internet, information-centric networking (ICN) is considered a potential solution to many of its current problems, such as content distribution, mobility, and security. Named Data Networking (NDN) is a more popular ICN project. However, concern regarding the protection of user data persists. Information caching in NDN decouples content and content publishers, which leads to content security threats due to lack of secure controls. Therefore, this paper presents a CP-ABE (ciphertext policy attribute based encryption) access control scheme based on hash table and data segmentation (CHTDS). Based on data segmentation, CHTDS uses a method of linearly splitting fixed data blocks, which effectively improves data management. CHTDS also introduces CP-ABE mechanism and hash table data structure to ensure secure access control and privilege revocation does not need to re-encrypt the published content. The analysis results show that CHTDS can effectively realize the security and fine-grained access control in the NDN environment, and reduce communication overhead for content access.

Ciphertext Policy Attribute Based Encryption techniques provide fine grained access control to securely share the data in the organizations where access rights of users vary according to their roles. We have noticed that various key delegation mechanisms are provided for CP-ABE schemes but no key delegation mechanism exists for CP-ABE with hidden access policy. In practical, users' identity may be revealed from access policy in the organizations and unlimited further delegations may results in unauthorized data access. For maintaining the users' anonymity, the access structure should be hidden and every user must be restricted for specified further delegations. In this work, we have presented a flexible secure key delegation mechanism for CP-ABE with hidden access structure. The proposed scheme enhances the capability of existing CP-ABE schemes by supporting flexible delegation, attribute revocation and user revocation with negligible enhancement in computational cost.

Users can directly access and share information from portable devices such as a smartphone or an Internet of Things (IoT) device. However, to prevent them from becoming victims to launch cyber attacks, they must allow selective sharing based on roles of the users such as with the Ciphertext-Policy Attribute Encryption (CP-ABE) scheme. However, to match the resource constraints, the scheme must be efficient for storage. It must also protect the device from malicious users as well as allow uninterrupted access to valid users. This paper presents the CCA secure PROxy-based Scalable Revocation for Constant Cipher-text (C-PROSRCC) scheme, which provides scalable revocation for a constant ciphertext length CP-ABE scheme. The scheme has a constant number of pairings and computations. It can also revoke any number of users and does not require re-encryption or redistribution of keys. We have successfully implemented the C-PROSRCC scheme. The qualitative and quantitative comparison with related schemes indicates that C-PROSRCC performs better with acceptable overheads. C-PROSRCC is Chosen Ciphertext Attack (CCA) secure. We also present a case study to demonstrate the use of C-PROSRCC for mobile-based selective sharing of a family car.

Technology development has led to rapid increase in demands for multimedia applications. Due to this demand, digital archives are increasingly used to store these multimedia contents. Cloud is the commonly used archive to store, transmit, receive and share multimedia contents. Cloud makes use of internet to perform these tasks due to which data becomes more prone to attacks. Data security and privacy are compromised. This can be avoided by limiting data access to authenticated users and by hiding the data from cloud services that cannot be trusted. Hiding data from the cloud services involves encrypting the data before storing it into the cloud. Data to be shared with other users can be encrypted by utilizing Cipher Text-Policy Attribute Based Encryption (CP-ABE). CP-ABE is used which is a cryptographic technique that controls access to the encrypted data. The pairing-based computation based on bilinearity is used in ABE due to which the requirements for resources like memory and power supply increases rapidly. Most of the devices that we use today have limited memory. Therefore, an efficient pairing free CP- ABE access control scheme using elliptic curve cryptography has been used. Pairing based computation is replaced with scalar product on elliptic curves that reduces the necessary memory and resource requirements for the users. Even though pairing free CP-ABE is used, it is easier to retrieve the plaintext of a secret message if cryptanalysis is used. Therefore, this paper proposes to combine cryptography with steganography in such a way by embedding crypto text into an image to provide increased level of data security and data ownership for sub-optimal multimedia applications. It makes it harder for a cryptanalyst to retrieve the plaintext of a secret message from a stego-object if steganalysis were not used. This scheme significantly improved the data security as well as data privacy.