Biblio

Technologies such as cloud computing and big data management, have lately made significant progress creating an urgent need for specific databases that can safely store extensive data along with high availability. Specifically, a growing number of companies have adopted various types of non-relational databases, commonly referred to as NoSQL databases. These databases provide a robust mechanism for the storage and retrieval of large amounts of data without using a predefined schema. NoSQL platforms are superior to RDBMS, especially in cases when we are dealing with big data and parallel processing, and in particular, when there is no need to use relational modeling. Sensitive data is stored daily in NoSQL Databases, making the privacy problem more serious while raising essential security issues. In our paper, security and privacy issues when dealing with NoSQL databases are introduced and in following, security mechanisms and privacy solutions are thoroughly examined.

Big data analytics, in essence, is becoming the revolution of business intelligence around the world. This momentum has given rise to the hype around analytic technologies, including Apache Hadoop. Hadoop was not originally developed with security in mind. Despite the evolving efforts to integrate security in Hadoop through developing new tools (e.g., Apache Sentry and Ranger) and employing traditional mechanisms (e.g., Kerberos and LDAP), they mainly focus on providing encryption and authentication features, albeit with limited authorization support. Existing solutions in the literature extended these evolving efforts. However, they suffer from limitations, hindering them from providing robust authorization that effectively meets the unique requirements of big data environments. Towards covering this gap, this paper proposes a hybrid authority (HBD-Authority) as a formal attribute-based access control model with context support. This model is established on a novel hybrid approach of authorization transparency that pertains to three fundamental properties of accuracy: correctness, security, and completeness. The model leverages streaming data analytics to foster distributed parallel processing capabilities that achieve multifold benefits: a) efficiently managing the security policies and promptly updating the privileges assigned to a high number of users interacting with the analytic services; b) swiftly deciding and enforcing authorization of requests over data characterized by the 5Vs; and c) providing dynamic protection for data which is frequently updated. The implementation details and experimental evaluation of the proposed model are presented, demonstrating its performance efficiency.

The growing size of modern datasets necessitates splitting a large scale computation into smaller computations and operate in a distributed manner for improving overall performance. However, adversarial servers in a distributed computing system deliberately send erroneous data in order to affect the computation for their benefit. Computing Boolean functions is the key component of many applications of interest, e.g., classification problem, verification functions in the blockchain and the design of cryptographic algorithm. In this paper, we consider the problem of computing a Boolean function in which the computation is carried out distributively across several workers with particular focus on security against Byzantine workers. We note that any Boolean function can be modeled as a multivariate polynomial which can have high degree in general. Hence, the recently proposed Lagrange Coded Computing (LCC) can be used to simultaneously provide resiliency, security, and privacy. However, the security threshold (i.e., the maximum number of adversarial workers that can be tolerated) provided by LCC can be extremely low if the degree of the polynomial is high. Our goal is to design an efficient coding scheme which achieves the optimal security threshold. We propose two novel schemes called coded Algebraic normal form (ANF) and coded Disjunctive normal form (DNF). Instead of modeling the Boolean function as a general polynomial, the key idea of the proposed schemes is to model it as the concatenation of some linear functions and threshold functions. The proposed coded ANF and coded DNF outperform LCC by providing the security threshold which is independent of the polynomial's degree.

We address energy-efficient placement of data and analytics components of composite analytics services on a wireless network to minimize execution-time energy consumption (computation and communication) subject to compute, storage and network resource constraints. We introduce an expressive analytics service hypergraph model for representing k-ary composability relationships (k ≥ 2) between various analytics and data components and leverage binary quadratic programming (BQP) to minimize the total energy consumption of a given placement of the analytics hypergraph nodes on the network subject to resource availability constraints. Then, after defining a potential energy functional Φ(·) to model the affinities of analytics components and network resources using analogs of attractive and repulsive forces in physics, we propose a decentralized Metropolis Monte Carlo (MMC) sampling method which seeks to minimize Φ by moving analytics and data on the network. Although Φ is non-convex, using a potential game formulation, we identify conditions under which the algorithm provably converges to a local minimum energy equilibrium placement configuration. Trace-based simulations of the placement of a deep-neural-network analytics service on a realistic wireless network show that for smaller problem instances our MMC algorithm yields placements with total energy within a small factor of BQP and more balanced workload distributions; for larger problems, it yields low-energy configurations while the BQP approach fails.

The Representational State Transfer (REST) is a distributed application architecture style which adopted on providing various network services. The identity authentication protocol Kerberos has been used to guarantee the security identity authentication of many service platforms. However, the deployment of Kerberos protocol is limited by the defects such as password guessing attacks, data tampering, and replay attacks. In this paper, an optimized Kerberos protocol is proposed and applied in a REST-style Cloud Storage Architecture. Firstly, we propose a Lately Used Newly (LUN) key replacement method to resist the password guessing attacks in Kerberos protocol. Secondly, we propose a formatted signature algorithm and a combination of signature string and time stamp method to cope with the problems of tampering and replay attacks which in deploying Kerberos. Finally, we build a security protection module using the optimized Kerberos protocol to guarantee a secure identity authentication and the reliable data communication between the client and the server. Analyses show that the module significantly improves the security of Kerberos protocol in REST-style cloud storage services.

Considering the problem of network security under the background of big data, the clustering analysis algorithms can be utilized to improve the correctness of network intrusion detection models for security management. As a kind of iterative clustering analysis algorithm, K-means algorithm is not only simple but also efficient, so it is widely used. However, the traditional K-means algorithm cannot well solve the network security problem when facing big data due to its high complexity and limited processing ability. In this case, this paper proposes to optimize the traditional K-means algorithm based on the Spark platform and deploy the optimized clustering analysis algorithm in the distributed architecture, so as to improve the efficiency of clustering algorithm for network intrusion detection in big data environment. The experimental result shows that, compared with the traditional K-means algorithm, the efficiency of the optimized K-means algorithm using a Spark-based method is significantly improved in the running time.

with the advent of Cloud Computing a new era of computing has come into existence. No doubt, there are numerous advantages associated with the Cloud Computing but, there is other side of the picture too. The challenges associated with it need a more promising reply as far as the security of data that is stored, in process and in transit is concerned. This paper put forth a cloud computing model that tries to answer the data security queries; we are talking about, in terms of the four cryptographic techniques namely Homomorphic Encryption (HE), Verifiable Computation (VC), Secure Multi-Party Computation (SMPC), Functional Encryption (FE). This paper takes into account the various cryptographic techniques to undertake cloud computing security issues. It also surveys these important (existing) cryptographic tools/techniques through a proposed Cloud computation model that can be used for Big Data applications. Further, these cryptographic tools are also taken into account in terms of CIA triad. Then, these tools/techniques are analyzed by comparing them on the basis of certain parameters of concern.

In order to design an end-to-end data security preservation mechanism, this paper first proposes a grid terminal data security management model based on master-slave Blockchain, including grid terminal, slave Blockchain, and main Blockchain. Among them, the grid terminal mainly completes data generation and data release, the receiving of data and the distributed signature of data are mainly completed from the slave Blockchain, and the main Blockchain mainly completes the intelligent storage of data. Secondly, the data security management mechanism of grid terminal based on master-slave Blockchain is designed, including data distribution process design, data receiving process design, data distributed signature design and data intelligent storage process design. Finally, taking the identity registration and data storage process of the grid terminal as an example, the workflow of the data security management mechanism of the grid terminal based on the master-slave Blockchain is described in detail.

The rapid growth of power Internet of Things devices has led to traditional data security sharing mechanisms that are no longer suitable for attribute and permission management of massive devices. In response to this problem, this article proposes a blockchain-based data security sharing mechanism for the power Internet of Things, which reduces the risk of data leakage through decentralization in the architecture and promotes the integration of multiple information and methods.

With the continuous progress of the information age, e-commerce, the Internet of things and other emerging Internet areas are gradually emerging. Massive amount of structured data auditing becomes a major issue. Log files and other data can be uploaded to the cloud via the Internet to guard against potential threats. Difficulty now is how to realize the data in the field of data audit query online, interactive and impromptu. There are two main methods of data warehouse, respectively is zhang table reduction method and basic data verification method. In the age of big data, data quantity increases gradually, so that the audit speed, design of the data storage and so on will be more or less problematic. If the audit task is not completed in time, it will result in the failure to store the audit data, which will cause losses to enterprises and the government. This paper focuses on the data cube physical model and distributed technical analysis, through the establishment of a set of efficient distributed and online auditing system, so as to make the data fast and efficient auditing.

Information-Centric Networking (ICN) is attracting attention as a content distribution method against increasing network traffic. Content distribution in ICN adopts a pull-type communication method that returns data to Interest. However, in this case, the push-type communication method is advantageous. Therefore, the authors have proposed a method in which a server pushes content to reduce the node load in an environment where a large amount of Interest to specific content occurs in a short time. In this paper, we analyze the packet processing delay time with and without the proposed method in an environment where a router processes a large number of packets using a simulator. Simulation results show that the proposed method can reduce packet processing delay time and node load.

Today, Internet of Things (IoT) devices mostly operate in enclosed, proprietary environments. To unfold the full potential of IoT applications, a unifying and permissionless environment is crucial. All IoT devices, even unknown to each other, would be able to trade services and assets across various domains. In order to realize those applications, uniquely resolvable identities are essential. However, quantifiable trust in identities and their authentication are not trivially provided in such an environment due to the absence of a trusted authority. This research presents a new identity and trust framework for IoT devices, based on Distributed Ledger Technology (DLT). IoT devices assign identities to themselves, which are managed publicly and decentralized on the DLT's network as Self Sovereign Identities (SSI). In addition to the Identity Management System (IdMS), the framework provides a Web of Trust (WoT) approach to enable automatic trust rating of arbitrary identities. For the framework we used the IOTA Tangle to access and store data, achieving high scalability and low computational overhead. To demonstrate the feasibility of our framework, we provide a proof-of-concept implementation and evaluate the set objectives for real world applicability as well as the vulnerability against common threats in IdMSs and WoTs.

Using the blockchain technology to store the privatedocuments of individuals will help make data more reliable and secure, preventing the loss of data and unauthorized access. The Consensus algorithm along with the hash algorithms maintains the integrity of data simultaneously providing authentication and authorization. The paper incorporates the block chain and the Identity Based Encryption management concept. The Identity based Management system allows the encryption of the user's data as well as their identity and thus preventing them from Identity theft and fraud. These two technologies combined will result in a more secure way of storing the data and protecting the privacy of the user.

The growing prevalence of Internet-of-Things (IoT) technology has led to an increase in the development of heterogeneous smart applications. Smart applications may involve a collaborative participation between IoT devices. Participation of IoT devices for specific application requires a tamper-proof identity to be generated and stored, in order to completely represent the device, as well as to eliminate the possibility of identity spoofing and presence of rogue devices in a network. In this paper, we present a composite Identity-of-Things (IDoT) approach on IoT devices with permissioned blockchain implementation for distributed identity management model. Our proposed approach considers both application and device domains in generating the composite identity. In addition, the use of permissioned blockchain for identity storage and verification allows the identity to be immutable. A simulation has been carried out to demonstrate the application of the proposed identity management model.

Managing identity across an ever-growing digital services landscape has become one of the most challenging tasks for security experts. Over the years, several Identity Management (IDM) systems were introduced and adopted to tackle with the growing demand of an identity. In this series, a recently emerging IDM system is Self-Sovereign Identity (SSI) which offers greater control and access to users regarding their identity. This distinctive feature of the SSI IDM system represents a major development towards the availability of sovereign identity to users. uPort is an emerging open-source identity management system providing sovereign identity to users, organisations, and other entities. As an emerging identity management system, it requires meticulous analysis of its architecture, working, operational services, efficiency, advantages and limitations. Therefore, this paper contributes towards achieving all of these objectives. Firstly, it presents the architecture and working of the uPort identity management system. Secondly, it develops a Decentralized Application (DApp) to demonstrate and evaluate its operational services and efficiency. Finally, based on the developed DApp and experimental analysis, it presents the advantages and limitations of the uPort identity management system.

Throughout the life cycle of any technical project, the enterprise needs to assess the risks associated with its development, commissioning, operation and decommissioning. This article defines the task of researching risks in relation to the operation of a data storage subsystem in the cloud infrastructure of a geographically distributed company and the tools that are required for this. Analysts point out that, compared to 2018, in 2019 there were 3.5 times more cases of confidential information leaks from storages on unprotected (freely accessible due to incorrect configuration) servers in cloud services. The total number of compromised personal data and payment information records increased 5.4 times compared to 2018 and amounted to more than 8.35 billion records. Moreover, the share of leaks of payment information has decreased, but the percentage of leaks of personal data has grown and accounts for almost 90% of all leaks from cloud storage. On average, each unsecured service identified resulted in 33.7 million personal data records being leaked. Leaks are mainly related to misconfiguration of services and stored resources, as well as human factors. These impacts can be minimized by improving the skills of cloud storage administrators and regularly auditing storage. Despite its seeming insecurity, the cloud is a reliable way of storing data. At the same time, leaks are still occurring. According to Kaspersky Lab, every tenth (11%) data leak from the cloud became possible due to the actions of the provider, while a third of all cyber incidents in the cloud (31% in Russia and 33% in the world) were due to gullibility company employees caught up in social engineering techniques. Minimizing the risks associated with the storage of personal data is one of the main tasks when operating a company's cloud infrastructure.

Remote patient monitoring is a system that focuses on patients care and attention with the advent of the Internet of Things (IoT). The technology makes it easier to track distance, but also to diagnose and provide critical attention and service on demand so that billions of people are safer and more safe. Skincare monitoring is one of the growing fields of medical care which requires IoT monitoring, because there is an increasing number of patients, but cures are restricted to the number of available dermatologists. The IoT-based skin monitoring system produces and store volumes of private medical data at the cloud from which the skin experts can access it at remote locations. Such large-scale data are highly vulnerable and otherwise have catastrophic results for privacy and security mechanisms. Medical organizations currently do not concentrate much on maintaining safety and privacy, which are of major importance in the field. This paper provides an IoT based skin surveillance system based on a blockchain data protection and safety mechanism. A secure data transmission mechanism for IoT devices used in a distributed architecture is proposed. Privacy is assured through a unique key to identify each user when he registers. The principle of blockchain also addresses security issues through the generation of hash functions on every transaction variable. We use blockchain consortiums that meet our criteria in a decentralized environment for controlled access. The solutions proposed allow IoT based skin surveillance systems to privately and securely store and share medical data over the network without disturbance.

Software Defined Networking (SDN) focus on the isolation of control plane and data plane, greatly enhancing the network's support for heterogeneity and flexibility. However, although the programmable network greatly improves the performance of all aspects of the network, flexible load balancing across controllers still challenges the current SDN architecture. Complex application scenarios lead to flexible and changeable communication requirements, making it difficult to guarantee the Quality of Service (QoS) for SDN users. To address this issue, this paper proposes a paradigm that uses blockchain to incentive safe load balancing for multiple controllers. We proposed a controller consortium blockchain for secure and efficient load balancing of multi-controllers, which includes a new cryptographic currency balance coin and a novel consensus mechanism Proof-of-Balance (PoB). In addition, we have designed a novel game theory-based incentive mechanism to incentive controllers with tight communication resources to offload tasks to idle controllers. The security analysis and performance simulation results indicate the superiority and effectiveness of the proposed scheme.

Biometric authentication is the preferred authentication scheme in modern computing systems. While it offers enhanced usability, it also requires cautious handling of sensitive users' biometric templates. In this paper, a distributed scheme that eliminates the requirement for a central node that holds users' biometric templates is presented. This is replaced by an Ethereum/IPFS combination to which the templates of the users are stored in a homomorphically encrypted form. The scheme enables the biometric authentication of the users by any third party service, while the actual biometric templates of the user never leave his device in non encrypted form. Secure authentication of users in enabled, while sensitive biometric data are not exposed to anyone. Experiments show that the scheme can be applied as an authentication mechanism with minimal time overhead.

Access to data at large scales expedites the progress of research in medical fields. Nevertheless, accessibility to patients' data faces significant challenges on regulatory, organizational and technical levels. In light of this, we present a novel approach based on the crowdsourcing paradigm to solve this data scarcity problem. Utilizing the infrastructure that blockchain provides, our decentralized platform enables researchers to solicit contributions to their well-defined research study from a large crowd of volunteers. Furthermore, to overcome the challenge of breach of privacy and mutual trust, we employed the cryptographic primitive of Zero-knowledge Argument of Knowledge (zk-SNARK). This not only allows participants to make contributions without exposing their privacy-sensitive health data, but also provides a means for a distributed network of users to verify the validity of the contributions in an efficient manner. Finally, since without an incentive mechanism in place, the crowdsourcing platform would be rendered ineffective, we incorporated smart contracts to ensure a fair reciprocal exchange of data for reward between patients and researchers.

Zero Trust Model ensures each node is responsible for the approval of the transaction before it gets committed. The data owners can track their data while it’s shared amongst the various data custodians ensuring data security. The consensus algorithm enables the users to trust the network as malicious nodes fail to get approval from all nodes, thereby causing the transaction to be aborted. The use case chosen to demonstrate the proposed consensus algorithm is the college placement system. The algorithm has been extended to implement a diversified, decentralized, automated placement system, wherein the data owner i.e. the student, maintains an immutable certificate vault and the student’s data has been validated by a verifier network i.e. the academic department and placement department. The data transfer from student to companies is recorded as transactions in the distributed ledger or blockchain allowing the data to be tracked by the student.

Software Defined Vehicular Networking (SDVN) could be the future of the vehicular networks, enabling interoperability between heterogeneous networks and mobility management. Thus, the deployment of large SDVN is considered. However, SDVN is facing major security issues, in particular, authentication and access control issues. Indeed, an unauthorized SDN controller could modify the behavior of switches (packet redirection, packet drops) and an unauthorized switch could disrupt the operation of the network (reconnaissance attack, malicious feedback). Due to the SDVN features (decentralization, mobility) and the SDVN requirements (flexibility, scalability), the Blockchain technology appears to be an efficient way to solve these authentication and access control issues. Therefore, many Blockchain-based approaches have already been proposed. However, two key challenges have not been addressed: authentication and access control for SDN controllers and high scalability for the underlying Blockchain network. That is why in this paper we propose an innovative and scalable architecture, based on a set of interconnected Blockchain sub-networks. Moreover, an efficient access control mechanism and a cross-sub-networks authentication/revocation mechanism are proposed for all SDVN devices (vehicles, roadside equipment, SDN controllers). To demonstrate the benefits of our approach, its performances are compared with existing solutions in terms of throughput, latency, CPU usage and read/write access to the Blockchain ledger. In addition, we determine an optimal number of Blockchain sub-networks according to different parameters such as the number of certificates to store and the number of requests to process.

Distributed banking platforms and services forgo centralized banks to process financial transactions. For example, M-Pesa provides distributed banking service in the developing regions so that the people without a bank account can deposit, withdraw, or transfer money. The current distributed banking systems lack the transparency in monitoring and tracking of distributed banking transactions and thus do not support auditing of distributed banking transactions for accountability. To address this issue, this paper proposes a blockchain-based distributed banking (BDB) scheme, which uses blockchain technology to leverage its built-in properties to record and track immutable transactions. BDB supports distributed financial transaction processing but is significantly different from cryptocurrencies in its design properties, simplicity, and computational efficiency. We implement a prototype of BDB using smart contract and conduct experiments to show BDB's effectiveness and performance. We further compare our prototype with the Ethereum cryptocurrency to highlight the fundamental differences and demonstrate the BDB's superior computational efficiency.

Cloud forensics investigates the crime committed over cloud infrastructures like SLA-violations and storage privacy. Cloud storage forensics is the process of recording the history of the creation and operations performed on a cloud data object and investing it. Secure data provenance in the Cloud is crucial for data accountability, forensics, and privacy. Towards this, we present a Cloud-based data provenance framework using Blockchain, which traces data record operations and generates provenance data. Initially, we design a dropbox like application using AWS S3 storage. The application creates a cloud storage application for the students and faculty of the university, thereby making the storage and sharing of work and resources efficient. Later, we design a data provenance mechanism for confidential files of users using Ethereum blockchain. We also evaluate the proposed system using performance parameters like query and transaction latency by varying the load and number of nodes of the blockchain network.

This research provides security and safety extensions to a blockchain based solution whose target is e-health. The Advanced Blockchain platform is extended with intelligent monitoring for security and machine learning for detecting patient treatment medication safety issues. For the reasons of stringent HIPAA, HITECH, EU-GDPR and other regional regulations dictating security, safety and privacy requirements, the e-Health blockchains have to cover mandatory disclosure of violations or enforcements of policies during transaction flows involving healthcare. Our service solution further provides the benefits of resolving the abnormal flows of a medical treatment process, providing accountability of the service providers, enabling a trust health information environment for institutions to handle medication safely, giving patients a better safety guarantee, and enabling the authorities to supervise the security and safety of e-Health blockchains. The capabilities can be generalized to support a uniform smart solution across industry in a variety of blockchain applications.