Biblio

Over the years, public health has faced a large number of challenges like COVID-19. Medical cloud computing is a promising method since it can make healthcare costs lower. The computation of health data is outsourced to the cloud server. If the encrypted medical data is not decrypted, it is difficult to search for those data. Many researchers have worked on searchable encryption schemes that allow executing searches on encrypted data. However, many existing works support single-keyword search. In this article, we propose a patient-centered fine-grained attribute-based encryption scheme with multi-keyword search (CP-ABEMKS) for medical cloud computing. First, we leverage the ciphertext-policy attribute-based technique to construct trapdoors. Then, we give a security analysis. Besides, we provide a performance evaluation, and the experiments demonstrate the efficiency and practicality of the proposed CP-ABEMKS.

Cloud computing provides an open architecture and resource sharing computing platform with pay-per-use model. It is now a popular computing platform and most of the new internet based computing services are on this innovation supported environment. We consider it as innovation supported because developers are more focused here on the service design, rather on arranging the infrastructure, network, management of the resources, etc. These all things are available in cloud computing on hired basis. Now, a big question arises here is the security of data or privacy of data because the service provider is already using the infrastructure, network, storage, processors, and other more resources from the third party. So, the security or privacy of the portable user's data is the main motivation for writing this research paper. In this paper, we are proposing an innovative perturbation algorithm MAP() to secure the portable user's data on the cloud server.

With almost unlimited storage capacity and low maintenance cost, cloud storage becomes a convenient and efficient way for data sharing among cloud users. However, this introduces the challenges of access control and privacy protection when data sharing for multiple groups, as each group usually has its own encryption and access control mechanism to protect data confidentiality. In this paper, we propose a multiple-group data sharing scheme with privacy preservation in the cloud. This scheme constructs a flexible access control framework by using group signature, ciphertext-policy attribute-based encryption and broadcast encryption, which supports both intra-group and cross-group data sharing with anonymous access. Furthermore, our scheme supports efficient user revocation. The security and efficiency of the scheme are proved thorough analysis and experiments.

Intelligent environments work collaboratively, bringing more comfort to human beings. The intelligence of these environments comes from technological advances in sensors and communication. IoT is the model developed that allows a wide and intelligent communication between devices. Hardware reduction of IoT devices results in vulnerabilities. Thus, there are numerous concerns regarding the security of user information, since mobile devices are easily trackable over the Internet. Care must be taken regarding the information in user profiles. Mobile devices are protected by a permission-based mechanism, which limits third-party applications from accessing sensitive device resources. In this context, this work aims to present a proposal for materialization of application for the evolution of user profiles in intelligent environments. Having as parameters the parameters presented in the proposed taxonomy. The proposed solution is the development of two applications, one for Android devices, responsible for allowing or blocking some features of the device. And another in Cloud, responsible for imposing the parameters and privacy criteria, formalizing the profile control module (PRIPRO - PRIvacy PROfiles).

With the improvement of the current Internet software and hardware performance, cloud storage has become one of the most widely used applications. This paper proposes a user privacy protection algorithm suitable for tennis match live broadcast from media cloud platform. Through theoretical and experimental verification, this algorithm can better protect the privacy of users in the live cloud platform. This algorithm is a ciphertext calculation algorithm based on data blocking. Firstly, plaintext data are grouped, then AES ciphertext calculation is performed on each group of plaintext data simultaneously and respectively, and finally ciphertext data after grouping encryption is spliced to obtain final ciphertext data. Experimental results show that the algorithm has the characteristics of large key space, high execution efficiency, ciphertext statistics and good key sensitivity.

Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.

The virtualization technology in cloud environment brings some data and privacy security issues to users. Aiming at the problems of virtual machines singleness, homogeneity and static state in cloud environment, a negative feedback dynamic scheduling algorithm is proposed. This algorithm is based on mimic defense and creates multiple virtual machines to complete user request services together through negative feedback control mechanism which can achieve real-time monitor of the running state of virtual machines. When virtual machines state is found to be inconsistent, this algorithm will dynamically change its execution environment, resulting in the attacker's information collection and vulnerability exploitation process being disrupting. Experiments show that the algorithm can better solve security threats caused by the singleness, homogeneity and static state of virtual machines in the cloud, and improve security and reliability of cloud users.

Internet of Medical Things (IoMT) are getting popular in the smart healthcare domain. These devices are resource-constrained and are vulnerable to attack. As the IoMTs are connected to the healthcare network infrastructure, it becomes the primary target of the adversary due to weak security and privacy measures. In this regard, this paper proposes a security architecture for smart healthcare network infrastructures. The architecture uses various security components or services that are developed and deployed as virtual network functions. This makes the security architecture ready for future network frameworks such as OpenMANO. Besides, in this security architecture, only authenticated and trusted IoMTs serve the patients along with an encryption-based communication protocol, thus creating a secure, privacy-preserving and trusted healthcare network infrastructure.

Internet of things (IoT) mainly depends on clouds to process and store their data. Clouds cannot handle the volume and velocity of data generated by IoT. IoT is delay-sensitive and resources limited. Fog computing proposed endorsing the internet of things (IoT) demands. Fog computing extends the cloud computing service to the edge of the network. Fog utilization reduces response time and network overhead while maintaining security aspects. isolation and operating system (OS) dependency achieved by using virtualization. Blockchain proposed to solve the security and privacy of fog computing. Blockchain is a decentralized, immutable ledger. fog computing with blockchain proposed as an IoT infrastructure. Fog computing adopted with lightweight blockchain in this proposed work. This adaptation endorses the IoT demands for low response time with limited resources. This paper explores system applicability. Varies from other papers that focus on one factor such as privacy or security-applicability of the proposed model achieved by concentration different IoT needs and limits. Response time and ram usage with 1000 transactions did not encroach 100s and 300MiB in the proposed model.

Legacy and novel network services are expected to be migrated and designed to be deployed in fully virtualized environments. Starting with 5G, NFV becomes a formally required brick in the specifications, for services integrated within the infrastructure provider networks. This evolution leads to deployment of virtual resources Virtual-Machine (VM)-based, container-based and/or server-less platforms, all calling for a deep virtualization of infrastructure components. Such a network softwarization also unleashes further logical network virtualization, easing multi-layered, multi-actor and multi-access services, so as to be able to fulfill high availability, security, privacy and resilience requirements. However, the derived increased components heterogeneity makes the detection and the characterization of anomalies difficult, hence the relationship between anomaly detection and corresponding reconfiguration of the NFV stack to mitigate anomalies. In this article we propose an unsupervised machine-learning data-driven approach based on Long-Short- Term-Memory (LSTM) autoencoders to detect and characterize anomalies in virtualized networking services. With a radiography visualization, this approach can spot and describe deviations from nominal parameter values of any virtualized network service by means of a lightweight and iterative mean-squared reconstruction error analysis of LSTM-based autoencoders. We implement and validate the proposed methodology through experimental tests on a vIMS proof-of-concept deployed using Kubernetes.

The following topics are dealt with: cloud computing; software defined networking; cryptography; telecommunication traffic; Internet of Things; authorisation; software radio; cryptocurrencies; data privacy; learning (artificial intelligence).

With the widespread of Artificial Intelligence (AI)-enabled security applications, there is a need for collecting heterogeneous and scalable data sources for effectively evaluating the performances of security applications. This paper presents the description of new datasets, named ToNİoT datasets that include distributed data sources collected from Telemetry datasets of Internet of Things (IoT) services, Operating systems datasets of Windows and Linux, and datasets of Network traffic. The paper aims to describe the new testbed architecture used to collect Linux datasets from audit traces of hard disk, memory and process. The architecture was designed in three distributed layers of edge, fog, and cloud. The edge layer comprises IoT and network systems, the fog layer includes virtual machines and gateways, and the cloud layer includes data analytics and visualization tools connected with the other two layers. The layers were programmatically controlled using Software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Linux ToNİoT datasets would be used to train and validate various new federated and distributed AI-enabled security solutions such as intrusion detection, threat intelligence, privacy preservation and digital forensics. Various Data analytical and machine learning methods are employed to determine the fidelity of the datasets in terms of examining feature engineering, statistics of legitimate and security events, and reliability of security events. The datasets can be publicly accessed from [1].

The concept of federation in 5G and NFV networks aims to provide orchestration of services across multiple administrative domains. Edge robotics, as a field of robotics, implements the robot control on the network edge by relying on low-latency and reliable access connectivity. In this paper, we propose a solution that enables Edge robotics service to expand its service footprint or access coverage over multiple administrative domains. We propose application of Distributed ledger technologies (DLTs) for the federation procedures to enable private, secure and trusty interactions between undisclosed administrative domains. The solution is applied on a real-case Edge robotics experimental scenario. The results show that it takes around 19 seconds to deploy & federate a Edge robotics service in an external/anonymous domain without any service down-time.

An Internet of Things (IoT) architecture comprised of cloud, fog and resource constrained IoT end devices. The exponential development of IoT has increased the processing and footprint overhead in IoT end devices. All the components of IoT end devices that establish Chain of Trust (CoT) to ensure security are termed as Trusted Computing Base (TCB). The increased overhead in the IoT end device has increased the demand to increase the size of TCB surface area hence increases complexity of TCB surface area and also the increased the visibility of TCB surface area to the external world made the IoT end devices architecture over-architectured and unsecured. The TCB surface area minimization that has been remained unfocused reduces the complexity of TCB surface area and visibility of TCB components to the external un-trusted world hence ensures security in terms of confidentiality, integrity, authenticity (CIA) at the IoT end devices. The TCB minimization thus will convert the over-architectured IoT end device into lightweight and secured architecture highly desired for resource constrained IoT end devices. In this paper we review the IoT end device architectures proposed in the recent past and concluded that these architectures of resource constrained IoT end devices are over-architectured due to larger TCB and ignored bugs and vulnerabilities in TCB hence un-secured. We propose the Novel levelled architecture with TCB minimization by replacing oversized hypervisor with lightweight Micro(μ)-hypervisor i.e. μ-visor and transferring μ-hypervisor based virtualization over fog node for light weight and secured IoT End device architecture. The bug free TCB components confirm stable CoT for guaranteed CIA resulting into robust Trusted Execution Environment (TEE) hence secured IoT end device architecture. Thus the proposed resulting architecture is secured with minimized SRAM and flash memory combined footprint 39.05% of the total available memory per device. In this paper we review the IoT end device architectures proposed in the recent past and concluded that these architectures of resource constrained IoT end devices are over-architectured due to larger TCB and ignored bugs and vulnerabilities in TCB hence un-secured. We propose the Novel levelled architecture with TCB minimization by replacing oversized hypervisor with lightweight Micro(μ)-hypervisor i.e. μ-visor and transferring μ-hypervisor based virtualization over fog node for light weight and secured IoT End device architecture. The bug free TCB components confirm stable CoT for guaranteed CIA resulting into robust Trusted Execution Environment (TEE) hence secured IoT end device architecture. Thus the proposed resulting architecture is secured with minimized SRAM and flash memory combined footprint 39.05% of the total available memory per device.

The surveillance video management system is rapidly expanding its scope of application at the request of citizens and the development of related technologies. In addition, as Cloud Computing and 5G network are applied with AI, scope and function of surveillance systems are being enhanced to intelligent CCTV beyond simple monitoring. However, intelligent CCTV systems with Mobile Edge Computing and 5G, which have the risk of privacy infringement. Accordingly, it is necessary to identify various types of security threats that can be occurred through the cloud based surveillance system and to eliminate the risk of privacy and personal information breaches. So, in this paper, we propose a hierarchical cloud based video surveillance system considering security on the 5G Network.

In this paper, an attempt has been made to describe Kerberos authentication with multi factor authentication in context aware systems. Multi factor authentication will make the framework increasingly secure and dependable. The Kerberos convention is one of the most generally utilized security conventions on the planet. The security conventions of Kerberos have been around for a considerable length of time for programmers and other malware to Figure out how to sidestep it. This has required a quick support of the Kerberos convention to make it progressively dependable and productive. Right now, endeavor to help explain this by strengthening Kerberos with the assistance of multifaceted verification.

Tunnel approach to the security and privacy aspects of communication networks has been an issue since the inception of networking technologies. Neither the technology nor the regulatory and legal frame works proactively play a significant role towards addressing the ever escalating security challenges. As we have move to ubiquitous computing paradigm where information secrecy and privacy is coupled with new challenges of human to machine and machine to machine interfaces, a transformational model for security should be visited. This research is attempted to highlight the peripheral view of IoT based miniature device security paradigm with focus on standardization, regulations, user adaptation, software and applications, low computing resources and power consumption, human to machine interface and privacy.

The proliferation of mobile augmented reality applications and the toolkits to create them have serious implications for user privacy. In this paper, we explore how malicious AR app developers can leverage capabilities offered by commercially available AR libraries, and describe how edge computing can be used to address this privacy problem.

With the development of augmented reality(AR) technology and location-based service (LBS) technology, combining AR with LBS will create a new way of life and socializing. In AR, users may consider the privacy and security of data. In LBS, the leakage of user location privacy is an important threat to LBS users. Therefore, it is very important for privacy management of positioning information and user location privacy to avoid loopholes and abuse. In this review, the concepts and principles of AR technology and LBS would be introduced. The existing privacy measurement and privacy protection framework would be analyzed and summarized. Also future research direction of location privacy protection would be discussed.

In the new era of Internet of Things, the emerging of smart devices makes security and privacy the first requirements and the major challenges of a distributed network. Despite the implementation of security measures, as encryption mechanisms protecting sensor data, and cryptographic algorithms, various attacks seem to undermine the IoT devices security. This paper reports the preliminary results of a side-channel attack (scatter attack) addressed on an 8-bit IoT microcontroller protected by the Advanced Encryption Standard. The attack, based on an high-SNR data acquisition micro-system and a suitable statistical analysis, allows to discover part of the encryption key, demonstrating the security vulnerability of Internet of Things sensor networks protected by the AES.

The recent advances in mobile devices and wireless communication sector transformed Mobile Augmented Reality (MAR) from science fiction to reality. Among the other MAR use cases, the incorporation of this MAR technology in the healthcare sector can elevate the quality of diagnosis and treatment for the patients. However, due to the highly sensitive nature of the data available in this process, it is also highly vulnerable to all types of security threats. In this paper, an edge-based secure architecture is presented for a MAR healthcare application. Based on the ESSMAR architecture, a secure key management scheme is proposed for both the registration and authentication phases. Then the security of the proposed scheme is validated using formal and informal verification methods.

Crime scene investigation and preservation are fundamentally the pillars of forensics. Numerous cases have been discussed in this paper where mishandling of evidence or improper investigation leads to lengthy trials and even worse incorrect verdicts. Whether the problem is lack of training of first responders or any other scenario, it is essential for police officers to properly preserve the evidence. Second problem is the criminal profiling where each district department has its own method of storing information about criminals. ARCRIME intends to digitally transform the way police combat crime. It will allow police officers to create a copy of the scene of crime so that it can be presented in courts or in forensics labs. It will be in the form of wearable glasses for officers on site whereas officers during training will be wearing a headset. The trainee officers will be provided with simulations of cases which have already been resolved. Officers on scene would be provided with intelligence about the crime and the suspect they are interviewing. They would be able to create a case file with audio recording and images which can be digitally sent to a prosecution lawyer. This paper also explores the risks involved with ARCRIME and also weighs in their impact and likelihood of happening. Certain contingency plans have been highlighted in the same section as well to respond to emergency situations.

The precise integrative control between the stereoscopic image and the tactile feedback is very essential in augmented reality[1]-[4]. In order to study this question, this paper will introduce a stereoscopic-imaging and tactile integrative augmented-reality system, and a stereoscopic-imaging and tactile integrative algorithm. The system includes a stereoscopic-imaging part and a string-based tactile part. The integrative algorithm is used to precisely control the interaction between the two parts. The results for testing the system and the algorithm demonstrate the system to be perfect through 5 testers' operation and will be presented in the last part of the paper.

In order to realize the security authentication of information transmission between vehicle nodes in the vehicular ad hoc network, based on the certificateless public key cryptosystem and aggregate signature, a privacy-protected certificateless aggregate signature scheme is proposed, which eliminates the complicated certificate maintenance cost. This solution also solves the key escrow problem. By Communicating with surrounding nodes through the pseudonym of the vehicle, the privacy protection of vehicle users is realized. The signature scheme satisfies the unforgeability of an adaptive selective message attack under a random prophetic machine. The scheme meets message authentication, identity privacy protection, resistance to reply attacks.

With the rapid technological advancement of the universal internet of vehicles (UIoV), it becomes crucial to ensure safe and secure communication over the network, in an effort to achieve the implementation objective of UIoV effectively. A UIoV is characterized by highly dynamic topology, scalability, and thus vulnerable to various types of security and privacy attacks (i.e., replay attack, impersonation attack, man-in-middle attack, non-repudiation, and modification). Since the components of UIoV are constrained by numerous factors (e.g., low memory devices, low power), which makes UIoV highly susceptible. Therefore, existing schemes to address the privacy and security facets of UIoV exhibit an enormous scope of improvement in terms of time complexity and efficiency. This paper presents a lightweight authentication and batch verification scheme (LABVS) for UIoV using a bilinear map and cryptographic operations (i.e., one-way hash function, concatenation, XOR) to minimize the rate of message loss occurred due to delay in response time as in single message verification scheme. Subsequently, the scheme results in a high level of security and privacy. Moreover, the performance analysis substantiates that LABVS minimizes the computational delay and has better performance in the delay-sensitive network in terms of security and privacy as compared to the existing schemes.