Biblio

In recent years, data published and shared with third parties to develop artificial intelligence (AI) tools and services has significantly increased. When there are regulatory or internal requirements regarding privacy of data, anonymization techniques are used to maintain privacy by transforming the data. The side-effect is that the anonymization may lead to useless data to train and test the AI because it is highly dependent on the quality of the data. To overcome this problem, we propose a test-driven anonymization approach for artificial intelligence tools. The approach tests different anonymization efforts to achieve a trade-off in terms of privacy (non-functional quality) and functional suitability of the artificial intelligence technique (functional quality). The approach has been validated by means of two real-life datasets in the domains of healthcare and health insurance. Each of these datasets is anonymized with several privacy protections and then used to train classification AIs. The results show how we can anonymize the data to achieve an adequate functional suitability in the AI context while maintaining the privacy of the anonymized data as high as possible.

Insecure data storage may open a door to malicious malware to steal users' and system sensitive information. These problems may due to developer negligence or lack of security knowledge. Android developers use various storage methods to store data. However, Attackers have attacked these vulnerable data storage. Although the developers have modified the apps after knowing the vulnerability, the user's personal information has been leaked and caused serious consequences. As a result, instead of patching and fixing the vulnerability, we should conduct proactive control for secure Android data storage. In this paper, we analyzed Android external storage vulnerability and discussed the prevention solutions to prevent sensitive information in external storage from disclosure.

People increasingly rely on mobile devices for banking transactions or two-factor authentication (2FA) and thus trust in the security provided by the underlying operating system. Simultaneously, jailbreaks gain tremendous popularity among regular users for customizing their devices. In this paper, we show that both do not go well together: Jailbreaks remove vital security mechanisms, which are necessary to ensure a trusted environment that allows to protect sensitive data, such as login credentials and transaction numbers (TANs). We find that all but one banking app, available in the iOS App Store, can be fully compromised by trivial means without reverse-engineering, manipulating the app, or other sophisticated attacks. Even worse, 44% of the banking apps do not even try to detect jailbreaks, revealing the prevalent, errant trust in the operating system's security. This study assesses the current state of security of banking apps and pleads for more advanced defensive measures for protecting user data.

In today's IIoT world, most of the IoT platform providers like Microsoft, Amazon and Google are focused towards connecting devices and extract data from the devices and send the data to the Cloud for analytics. Only there are few companies concentrating on Security measures implemented on Edge Node. Gartner estimates that by 2020, more than 25 percent of all enterprise attackers will make use of the Industrial IoT. As Cyber Security Threat is getting more important, it is essential to ensure protection of data both at rest and at motion. The reflex of Cyber Security in the Industrial IoT Domain is much more severe when compared to the Consumer IoT Segment. The new bottleneck in this are security services which employ computationally intensive software operations and system services [1]. Resilient services consume considerable resources in a design. When such measures are added to thwart security attacks, the resource requirements grow even more demanding. Since the standard IIoT Gateways and other sub devices are resource constrained in nature the conventional design for security services will not be applicable in this case. This paper proposes an intelligent architectural paradigm for the Constrained IIoT Gateways that can efficiently identify the Cyber-Attacks in the Industrial IoT domain.

With the increase in the number of cyber attacks on industrial control systems, especially in critical infrastructure facilities, the problem of comprehensive analysis of the security of such systems becomes urgent. This, in turn, requires the availability of fundamental mathematical, methodological and instrumental basis for modeling automated systems, modeling attacks on their information resources, which would allow realtime system protection analysis. The paper proposes a basis for simulating protected industrial control systems, based on the developed reference security model, and a model for attacks on information resources of automated systems. On the basis of these mathematical models, a complex model of a protected automated system was developed, which can be used to build protection systems for automated systems used in production.

Media streaming has largely dominated the Internet traffic and the trend will keep increasing in the next years. To efficiently distribute the media content, Information-Centric Networking (ICN) has attracted many researchers. Since end users usually obtain content from indeterminate caches in ICN, the publisher cannot reinforce data security and access control depending on the caches. Hence, the ability of self-contained protection is important for the cached contents. Attribute-based encryption (ABE) is considered the preferred solution to achieve this goal. However, the existing ABE schemes usually have problems regarding efficiency. The exponentiation in key generation and pairing operation in decryption respectively increases linearly with the number of attributes involved, which make it costly. In this paper, we propose an efficient key-policy ABE with fast key generation and decryption (FKP-ABE). In the key generation, we get rid of exponentiation and only require multiplications/divisions for each attribute in the access policy. And in the decryption, we reduce the pairing operations to a constant number, no matter how many attributes are used. The efficiency analysis indicates that our scheme has better performance than the existing KP-ABE schemes. Finally, we present an implementation framework that incorporates the proposed FKP-ABE with the ICN architecture.

White-box cryptography protects cryptographic software in a white-box attack context (WBAC), where the dynamic execution of the cryptographic software is under full control of an adversary. Protecting AES in the white-box setting attracted many scientists and engineers, and several solutions emerged. However, almost all these solutions have been badly broken by various efficient white-box attacks, which target compositions of key-embedding lookup tables. In 2014, Luo, Lai, and You proposed a new WBAC-oriented AES implementation, and claimed that their implementation is secure against both Billet et al.'s attack and De Mulder et al.'s attack. In this study, based on the existing table-composition-targeting cryptanalysis techniques, the authors show that the secret key of the Luo-Lai-You (LLY) implementation can be recovered with a time complexity of about 244. Furthermore, the authors propose a new white-box AES implementation based on table lookups, which is shown to be resistant against the existing table-composition-targeting white-box attacks. The authors, key-embedding tables are obfuscated with large affine mappings, which cannot be cancelled out by table compositions of the existing cryptanalysis techniques. Although their implementation requires twice as much memory as the LLY WBAES to store the tables, its speed is about 63 times of the latter.

The security of user personal information on cloud computing is an important issue for the recommendation system. In order to provide high quality recommendation services, privacy of user is often obtained by untrusted recommendation systems. At the same time, malicious attacks often use the recommendation results to try to guess the private data of user. This paper proposes a hybrid algorithm based on NMF and random perturbation technology, which implements the recommendation system and solves the protection problem of user privacy data in the recommendation process on cloud computing. Compared with the privacy protection algorithm of SVD, the elements of the matrix after the decomposition of the new algorithm are non-negative elements, avoiding the meaninglessness of negative numbers in the matrix formed by texts, images, etc., and it has a good explanation for the local characteristics of things. Experiments show that the new algorithm can produce recommendation results with certain accuracy under the premise of protecting users' personal privacy on cloud computing.

Once an individual employs the use of the Internet for accessing information; carrying out transactions and sharing of data on the Cloud, they are connected to diverse computers on the network. As such, security of such transmitted data is most threatened and then potentially creating privacy risks of users on the federated identity management system in the Cloud. Usually, User's attributes or Personal Identifiable Information (PII) are needed to access Services on the Cloud from different Service Providers (SPs). Sometime these SPs may by themselves violate user's privacy by the reuse of user's attributes offered them for the release of services to the users without their consent and then carrying out activities that may appear malicious and then causing damage to the users. Similarly, it should be noted that sensitive user's attributes (e.g. first name, email, address and the likes) are received in their original form by needed SPs in plaintext. As a result of these problems, user's privacy is being violated. Since these SPs may reuse them or connive with other SPs to expose a user's identity in the cloud environment. This research is motivated to provide a protective and novel approach that shall no longer release original user's attributes to SPs but pseudonyms that shall prevent the SPs from violating user's privacy through connivance to expose the user's identity or other means. The paper introduces a conceptual framework for the proposed user's attributes privacy protection in a federated identity management system for the cloud. On the proposed system, the use of pseudonymous technique also called Privacy Token (PT) is employed. The pseudonymous technique ensures users' original attributes values are not sent directly to the SP but auto generated pseudo attributes values. The PT is composed of: Pseudo Attribute values, Timestamp and SPİD. These composition of the PT makes it difficult for the User's PII to be revealed and further preventing the SPs from being able to keep them or reuse them in the future without the user's consent for any purpose. Another important feature of the PT is its ability to forestall collusion among several collaborating service providers. This is due to the fact that each SP receives pseudo values that have no direct link to the identity of the user. The prototype was implemented with Java programming language and its performance tested on CloudAnalyst simulation.

Witnessing the increasingly pervasive deployment of security video surveillance systems(VSS), more and more individuals have become concerned with the issues of privacy violations. While the majority of the public have a favorable view of surveillance in terms of crime deterrence, individuals do not accept the invasive monitoring of their private life. To date, however, there is not a lightweight and secure privacy-preserving solution for video surveillance systems. The recent success of blockchain (BC) technologies and their applications in the Internet of Things (IoT) shed a light on this challenging issue. In this paper, we propose a Lightweight, Blockchain-based Privacy protection (Lib-Pri) scheme for surveillance cameras at the edge. It enables the VSS to perform surveillance without compromising the privacy of people captured in the videos. The Lib-Pri system transforms the deployed VSS into a system that functions as a federated blockchain network capable of carrying out integrity checking, blurring keys management, feature sharing, and video access sanctioning. The policy-based enforcement of privacy measures is carried out at the edge devices for real-time video analytics without cluttering the network.

Unauthorized access of the data is one of the major threat for the real world digital data communication. Digital images are one of the most vital subset of the digital data. Several important and sensitive information is conveyed through digital images. Hence, digital image security is one of the foremost interest of the researchers. Cryptographic algorithms Biological sequences are often used to encrypt data due to their inherent features. DNA encryption is one of the widely used method used for data security which is based on the properties of the biological sequences. To protect the images from unwanted accesses, a new two stage method is proposed in this work. DNA Encryption and Polymerase Chain Reaction (PCR) Amplification is used to enhance the security. The proposed method is evaluated using different standard parameters that shows the efficiency of the algorithm.

Experience in designing general-purpose systems that enforce security goals shows that achieving universality, security, and performance remains a very difficult challenge. As a result, two directions emerged in designing, one of which focused on universality and performance with limited security mechanisms, and another - on robust security with reasonable performance for limited sets of applications. In the first case, popular but unsecure systems were created, and various efforts were subsequently made to upgrade the protected infrastructure for such systems. In the work, the latter approach is considered. It is obvious that the inclusion of built-in security mechanisms leads to a decrease in system performance. The paper considers a reference monitor and the assessment of its impact on system performance. For this purpose, the functional structure of reference monitor is built and the analytical model of impact evaluation on system performance is proposed.

In this paper, we study system security against Advanced Persistent Threats (APTs). APTs are stealthy and persistent but APTs interact with system and introduce information flows in the system as data-flow and control-flow commands. Dynamic Information Flow Tracking (DIFT) is a promising detection mechanism against APTs which taints suspicious input sources in the system and performs online security analysis when a tainted information is used in unauthorized manner. Our objective in this paper is to model DIFT that handle data-flow and conditional branches in the program that arise from control-flow commands. We use game theoretic framework and provide the first analytical model of DIFT with data-flow and conditional-branch tracking. Our game model which is an undiscounted infinite-horizon stochastic game captures the interaction between APTs and DIFT and the notion of conditional branching. We prove that the best response of the APT is a maximal reachability probability problem and provide a polynomial-time algorithm to find the best response by solving a linear optimization problem. We formulate the best response of the defense as a linear optimization problem and show that an optimal solution to the linear program returns a deterministic optimal policy for the defense. Since finding Nash equilibrium for infinite-horizon undiscounted stochastic games is computationally difficult, we present a nonlinear programming based polynomial-time algorithm to find an E-Nash equilibrium. Finally, we perform experimental analysis of our algorithm on real-world data for NetRecon attack augmented with conditional branching.

The NOC Network on chip provides better performance and scalability communication structures point-to-point signal node, shared through bus architecture. Information analysis of method using the IOT termination, as the energy consumed in this regard reduces and reduces the network load but it also displays safety concerns because the valuation data is stored or transmitted to the network in various stages of the node. Using encryption to protect data on the area of network-on-chip Analysis Machine is a way to solve data security issues. We propose a Network on chip based on a combined multicore cluster with special packages for computing-intensive data processing and encryption functionality and support for software, in a tight power envelope for analyzing and coordinating integrated encryption. Programming for regular computing tasks is the challenge of efficient and secure data analysis for IOT end-end applications while providing full-functionality with high efficiency and low power to satisfy the needs of multiple processing applications. Applications provide a substantial parallel, so they can also use NOC's ability. Applications must compose in. This system controls the movement of the packets through the network. As network on chip (NOC) systems become more prevalent in the processing unit. Routers and interconnection networks are the main components of NOC. This system controls the movement of packets over the network. Chip (NOC) networks are very backward for the network processing unit. Guides and Link Networks are critical elements of the NOC. Therefore, these areas require less access and power consumption, so we can better understand environmental and energy transactions. In this manner, a low-area and efficient NOC framework were proposed by removing virtual channels.

In the globalized knowledge economy, big data analytics have been widely applied in diverse areas. A critical issue in big data analysis on personal information is the possible leak of personal privacy. Therefore, it is necessary to have an anonymization-based de-identification method to avoid undesirable privacy leak. Such method can prevent published data form being traced back to personal privacy. Prior empirical researches have provided approaches to reduce privacy leak risk, e.g. Maximum Distance to Average Vector (MDAV), Condensation Approach and Differential Privacy. However, previous methods inevitably generate synthetic data of different sizes and is thus unsuitable for general use. To satisfy the need of general use, k-anonymity can be chosen as a privacy protection mechanism in the de-identification process to ensure the data not to be distorted, because k-anonymity is strong in both protecting privacy and preserving data authenticity. Accordingly, this study proposes an optimized multidimensional method for anonymizing data based on both the priority weight-adjusted method and the mean difference recommending tree method (MDR tree method). The results of this study reveal that this new method generate more reliable anonymous data and reduce the information loss rate.

In the globalized knowledge economy, big data analytics have been widely applied in diverse areas. A critical issue in big data analysis on personal information is the possible leak of personal privacy. Therefore, it is necessary to have an anonymization-based de-identification method to avoid undesirable privacy leak. Such method can prevent published data form being traced back to personal privacy. Prior empirical researches have provided approaches to reduce privacy leak risk, e.g. Maximum Distance to Average Vector (MDAV), Condensation Approach and Differential Privacy. However, previous methods inevitably generate synthetic data of different sizes and is thus unsuitable for general use. To satisfy the need of general use, k-anonymity can be chosen as a privacy protection mechanism in the de-identification process to ensure the data not to be distorted, because k-anonymity is strong in both protecting privacy and preserving data authenticity. Accordingly, this study proposes an optimized multidimensional method for anonymizing data based on both the priority weight-adjusted method and the mean difference recommending tree method (MDR tree method). The results of this study reveal that this new method generate more reliable anonymous data and reduce the information loss rate.

Confidentiality, authentication, privacy and integrity are the pillars of securing data. The most generic way of providing security is setting up passwords and usernames collectively known as login credentials. Operating systems use different techniques to ensure security of login credentials yet brute force attacks and dictionary attacks along with various other types which leads to success in passing or cracking passwords.The objective of proposed HS model is to enhance the protection of SAM file used by Windows Registry so that the system is preserved from intruders.

The safety of web browsers is essential to the privacy of Internet users and the security of their computing systems. In the last few years, there have been several cyber attacks geared towards compromising surfers' data and systems via exploiting browser-based vulnerabilities. Android and a number of mobile operating systems have been supporting a UI component called WebView, which can be embedded in any mobile application to render the web contents. Yet, this mini-browser component has been found to be vulnerable to various kinds of attacks. For instance, an attacker in her WebView-Embedded app can inject malicious JavaScripts into the WebView to modify the web contents or to steal user's input values. This kind of attack is particularly challenging due to the full control of attackers over the content of the loaded pages. In this paper, we are proposing and testing a server-side moving target defense technique to counter the risk of JavaScript injection attacks on mobile WebViews. The solution entails creating redundant HTML forms, randomizing their attributes and values, and asserting stealthy prompts for the user data. The solution does not dictate any changes to the browser or applications codes, neither it requires key sharing with benign clients. The results of our performance and security analysis suggest that our proposed approach protects the confidentiality and integrity of user input values with minimum overhead.

Recently, data protection has become increasingly important in cloud environments. The cloud platform has global user information, rich storage resource allocation information, and a fuller understanding of data attributes. At the same time, there is an urgent need for data access control to provide data security, and software-defined network, as a ready-made facility, has a global network view, global network management capabilities, and programable network rules. In this paper, we present an approach, named High-Performance Software-Defined Data Access Network (HP-SDDAN), providing software-defined data access network architecture, global data attribute management and attribute-based data access network. HP-SDDAN combines the excellent features of cloud platform and software-defined network, and fully considers the performance to implement software-defined data access network. In evaluation, we verify the effectiveness and efficiency of HP-SDDAN implementation, with only 1.46% overhead to achieve attribute-based data access control of attribute-based differential privacy.

With the rise of blockchain technology, peer-to-peer network system has once again caught people's attention. Peer-to-peer (P2P) is currently being implemented on various kind of decentralized systems such as InterPlanetary File System (IPFS). However, P2P file sharing network systems is not without its flaws. Data stored in the other nodes cannot be deleted by the owner and can only be deleted by other nodes themselves. Ensuring that personal data can be completely removed is an important issue to comply with the European Union's General Data Protection Regulation (GDPR) criteria. To improve P2Ps privacy and security, we propose a monitorable peer-to-peer file sharing mechanism that synchronizes with other nodes to perform file deletion and to generate the File Authentication Code (FAC) of each IPFS nodes in order to make sure the system synchronized correctly. The proposed mechanism can integrate with a consortium Blockchain to comply with GDPR.

Today, Smartphone is a necessary device for people connected to the Internet world. But user privacy and security are still playing important roles in the usage of mobile devices. The user was asked to enter related characters, numbers or drawing a simple graphic on the touch screen as passwords for unlocking the screensaver. Although it could provide the user with a simple and convenient security authentication mechanism, the process is hard to protect against the privacy information leakage under the strict security policy. Nowadays, various keypad lock screen Apps usually provides different type of schemes in unlocking the mobile device screen, such as simple-customized pattern, swipe-to-unlock with a static image and so on. But the vulnerability could provide a chance to hijacker to find out the leakage of graphic pattern information that influences in user information privacy and security.This paper proposes a new graphic pattern authentication mechanism to enhance the strength of that in the keypad lock screen Apps. It integrates random digital graphics and handwriting graphic input track recognition technologies to provide better and more diverse privacy protection and reduce the risk of vulnerability. The proposed mechanism is based on two factor identification scheme. First of all, it randomly changes digital graphic position based on unique passwords every time to increase the difficulty of the stealer's recording. Second, the input track of handwriting graphics is another identification factor for enhancing the complex strength of user authentication as well.

Protecting privacy of individuals is a basic right, which has to be considered in our data-centered society in which new technologies emerge rapidly. To preserve the privacy of individuals de-identifying technologies have been developed including pseudonymization, personal privacy anonymization, and privacy models. Each having several variations with different properties and contexts which poses the challenge for the proper selection and application of de-identification methods. We tackle this challenge proposing a policy-based de-identification test framework for a systematic approach to experimenting and evaluation of various combinations of methods and their interplay. Evaluation of the experimental results regarding performance and utility is considered within the framework. We propose a domain-specific language, expressing the required complex configuration options, including data-set, policy generator, and various de-identification methods.

In this research paper author surveys the need of data protection from intelligent systems in the private and public sectors. For this, she identifies that the Smart Information Security Intel processes needs to be the suggestive key policy for both sectors of governance either public or private. The information is very sensitive for any organization. When the government offices are concerned, information needs to be abstracted and encapsulated so that there is no information stealing. For this purposes, the art of skill set and new optimized technology needs to be stationed. Author identifies that digital bar-coded air port like security using conveyor belts and digital bar-coded conveyor boxes to scan switched ON articles like internet of things needs to be placed. As otherwise, there can potentially be data, articles or information stealing from the operational sites where access is unauthorized. Such activities shall need to be scrutinized, minutely. The biometric such as fingerprints, iris, voice and face recognition pattern updates in the virtual data tables must be taken to keep data entry-exit log up to-date. The information technicians of the sentinel systems must help catch the anomalies in the professional working time in private and public sectors if there is red flag as indicator. The author in this research paper shall discuss in detail what we shall station, how we shall station and what all measures we might need to undertake to safeguard the stealing of sensitive information from the organizations like administration buildings, government buildings, educational schools, hospitals, courts, private buildings, banks and all other offices nation-wide. The TO-BE new processes shall make the AS-IS office system more information secured, data protected and personnel security stronger.

Bare-metal microcontrollers are a family of Internet of Things (IoT) devices which are increasingly deployed in critical industrial environments. Similar to other IoT devices, bare-metal microcontrollers are vulnerable to memory corruption and code-reuse attacks. We propose MicroGuard, a novel mitigation method based on component-level sandboxing and automated code randomization to securely encapsulate application components in isolated environments. We implemented MicroGuard and evaluated its efficacy and efficiency with a real-world benchmark against different types of attacks. As our evaluation shows, MicroGuard provides better security than ACES, current state-of-the-art protection framework for bare-metal microcontrollers, with a comparable performance overhead.

Software rejuvenation has been proposed as a strategy to protect cyber-physical systems (CSPs) against unanticipated and undetectable cyber attacks. The basic idea is to refresh the system periodically with a secure and trusted copy of the online software so as to eliminate all effects of malicious modifications to the run-time code and data. This paper considers software rejuvenation design from a control-theoretic perspective. Invariant sets for the Lyapunov function for the safety controller are used to derive bounds on the time that the CPS can operate in mission control mode before the software must be refreshed. With these results it can be guaranteed that the CPS will remain safe under cyber attacks against the run-time system. The approach is illustrated using simulation of the nonlinear dynamics of a quadrotor system. The concluding section discusses directions for further research.