Showing total 1,665 results

1. Integrating Fuzzy Graph Theory into Cryptography: A Survey of Techniques and Security Applications.

Author

Singh, Rashmi, Khalid, Saifullah, Nishad, D. K., and Ruchira

Subjects

*TECHNOLOGICAL innovations, *WIRELESS sensor networks, *ACCESS control, *IMAGE encryption, *WIRELESS sensor network security, *FUZZY logic, *FUZZY graphs

Abstract

Since the advent of networked systems, fuzzy graph theory has surfaced as a fertile paradigm for handling uncertainties and ambiguities. Among the different modes of handling challenges created by the uncertainties and ambiguities of current networked systems, integrating fuzzy graph theory with cryptography has emerged as the most promising approach. In this regard, this review paper elaborates on potentially studying fuzzy graph-based cryptographic techniques, application perspectives, and future research directions. Since the expressive power of fuzzy graphs allows the cryptographic schemes to handle imprecise information and to enhance security in many domains, several domains have benefited, such as image encryption, key management, and attribute-based encryption. The paper analyzes in depth the research landscape, mainly by focusing on the varied techniques used, such as fuzzy logic for key generation and fuzzy attribute representation for access control policies. A comparison with performance metrics unveils the trade-offs and advantages of different fuzzy graph-based approaches in efficiency, security strength, and computational overhead. Additionally, the survey explores the security applications of fuzzy graph-based cryptography and underpins potential development for secure communication in wireless sensor networks, privacy-preserving data mining, fine-grained access control in cloud computing, and blockchain security. Some challenges and research directions, such as the standardization of fuzzy logic operators, algorithmic optimization, integration with emerging technologies, and exploitation of post-quantum cryptography applications, are also brought out. This review will thus bring insight into this interdisciplinary domain and stimulate further research for the design of more robust, adaptive, and secure cryptographic systems in the wake of rising complexities and uncertainties. [ABSTRACT FROM AUTHOR]

Published

2024

2. Designing efficient patient‐centric smart contracts for healthcare ecosystems with access control capabilities.

Author

Kalita, Kausthav Pratim, Boro, Debojit, and Kumar Bhattacharyya, Dhruba

Abstract

Electronic medical records are a patient's digital asset that enhances the information available to doctors for tracking their patients' health. When this information is stored in a secure environment, health examination reports can serve as a dependable repository for thorough observation of a patient's well‐being. However, it is crucial for the owner to have control over access to these repositories. In this scenario, a blockchain ecosystem with appropriate access control mechanisms can help create a distributed and decentralized storage platform to ensure the safety and security of data. Developing cost‐effective smart contracts and creating clear design diagrams to represent them are essential for establishing such an ecosystem. This paper introduces a smart contract for the Ethereum blockchain that allows an owner to maintain control over their data. The paper presents a diagram for visually representing the modules within our smart contract, providing readers with a clearer understanding of the access control techniques utilized in implementing our strategies. Our smart contract offers clinicians a valuable means of accessing historical data to promptly evaluate a patient's health in emergency situations. We showcase its efficacy by illustrating how it streamlines insurance claims, where it verifies the patient's coverage and automatically authorizes medical expense payments. Lastly, a study is presented to showcase an effective method of storing the ingested data within the Ethereum network. The suggested approach allows restrictions on data visibility based on the viewer's accessibility through identity‐based access control achieved using additional structures in smart contracts. These structures store filtered records accessible to users based on their viewing privileges. The simulated test bed results support the efficiency of using smart contracts with additional structures in terms of gas consumption when compared to those that use a single structure for read and write operations. [ABSTRACT FROM AUTHOR]

Published

2024

3. Digital twin communities: an approach for secure DT data sharing.

Author

Alcaraz, Cristina, Meskini, Iman Hasnaouia, and Lopez, Javier

Abstract

Digital Twin (DT) technology empowers organizations to create virtual counterparts of their physical assets, thereby magnifying their analytical, optimization and decision-making capabilities. More specifically, the simulation capabilities of a DT generate high-quality data that not only benefit the DT owner organization, but also increase the potential of similar organizations by leveraging the DT’s capabilities when sharing its simulation results This collaborative sharing boosts the capabilities of each participating organization, fostering a collective intelligence that amplifies their competitive advantage. Nonetheless, data exchange must rigorously safeguard each organization’s data confidentiality, and access to this data must be thoroughly controlled. Thus, this paper introduces the novel concept of DT communities and proposes a hybrid access control architecture. This architecture seamlessly integrates the strengths of both Role Based Access Control (RBAC) and Organizational Based Access Control (OrBAC), facilitating secure, authorized intra- and inter-organizational information sharing in the context of Industry 5.0, combining the strengths of local DT communication and other organization’s DTs as well. Moreover, in order to show the feasibility of the approach for critical corporate organizations and their systems, in this paper we provide a proof-of-concept implementation of this architecture. To validate its functionality and efficiency, we perform a number of experimental studies showing how various entities can benefit from securely sharing DT models based on the concept of “community". [ABSTRACT FROM AUTHOR]

Published

2025

4. Downlink AP coordination based OFDMA and NOMA protocols for the next-generation WLANs.

Author

Zhenzhen, Yan, Bo, Li, Mao, Yang, and Zhongjiang, Yan

Subjects

*FREQUENCY division multiple access, *INTERFERENCE suppression, *STRUCTURAL frames, *ACCESS control, *WIRELESS LANs

Abstract

In recent years, with the increasing number of terminal connections, high-density deployment scenarios have become important scenarios for future wireless networks. Ultra-high throughput (EHT) in high density deployment scenarios is the technical goal of IEEE 802.11be, the next-generation wireless local area network (WLAN) standard. However, in a high-density deployment scenario, interference suppression between BSSs is serious, which seriously affects the throughput of a WLAN. And the resources available are limited. Therefore, for the next generation WLAN standard, this paper proposes a downlink transmission scheme based on AP coordination and the orthogonal frequency division multiple access (OFDMA) protocol and the non-orthogonal multiple access (NOMA) protocol, named Co-OFDMA–NOMA scheme. The core idea is to transform the interference and suppression relationship between neighboring BSSs into the relationship of mutual coordination and assistance through the Co-OFDMA–NOMA protocol proposed in this paper. Firstly, a downlink transmission scheme named the Co-OFDMA–NOMA protocol is designed. In addition, the protocol and its framework structure have good backward compatibility. Theoretical analysis shows that the proposed Co-OFDMA–NOMA protocol has significant performance gain, and simulation results prove the effectiveness of the scheme. [ABSTRACT FROM AUTHOR]

Published

2024

5. Secure and privacy-preserving sharing of personal health records with multi-party pre-authorization verification.

Author

Tan, Kheng-Leong, Chi, Chi-Hung, and Lam, Kwok-Yan

Subjects

*MEDICAL records, *ELECTRONIC health records, *PATIENT autonomy, *SYSTEM integration, *ACCESS control, *EMERGENCY communication systems

Abstract

Wireless communications play an important role in ensuring ease of access to shared electronic health records (EHR) across health service providers which is essential and significant for prompt patients' care, especially in cases of emergency medical conditions. With the need to support anytime, anywhere access to, potentially bandwidth hungry, medical records, electronic healthcare applications will continue to benefit from advanced wireless network technologies such as 5G and beyond. With sharing, it is crucial to provide patients with security and privacy guarantees, and allow them to certain control of access to their data. Existing solutions mostly assume that patients are available to authorize requests to access their EHR, which is impractical as the patient may be unconscious. This paper proposes a secure and privacy protecting protocol whereby the patient can pre-delegate the authorization for the access of his/her EHR. Our patient(user)-centric proposal combines Self-Sovereign Identity (SSI) concepts and model with Secure Multi-party Computation (SMPC) and Threshold Cryptography (TC) to enable secure identity and authorization verification. A block cipher encryption sharing approach is adopted for the threshold SMPC which extends the AES-GCM symmetric encryption model into a full-fledged cryptographic platform. Two mechanisms are implemented for the block cipher encryption, namely XOR and Cascade, and experiments are conducted to compare them. We conclude that the XOR mechanism can scale for larger thresholds, while Cascade performed better for a lower threshold (≤ 3). This paper also performs a threat analysis of the protocol and approach, and validates its correctness and complexity. We conclude that the approach can achieve the security and privacy protection of the patient's personal EHR, as well as the autonomy of the patient to control the authorization for the access and sharing. [ABSTRACT FROM AUTHOR]

Published

2024

6. EMR sharing system with lightweight searchable encryption and rights management.

Author

Luo, Haotian, Mei, Niansong, and Du, Chong

Subjects

*LOGIC circuits, *INFORMATION retrieval, *ACCESS control, *ELECTRONIC health records, *DATA warehousing

Abstract

The blockchain-based Electronic Medical Record (EMR) data storage system encounters challenges which are data leakage, insufficient access control, and low retrieval efficiency. In response to these issues, this paper proposes a lightweight searchable encryption and access control system for sharing EMR data securely. The lightweight searchable encryption scheme which is achieved by integrating the trapdoor verification phase with the keyword retrieval phase is constructed using BGG13 + and MP12. User access control is implemented through a Boolean circuit to replace arithmetic operations and thus improve arithmetic efficiency. Since logic operations can reduce the computation time, this paper uses Boolean circuits for user rights verification implementation. In addition, this paper adopts the Bloom filter as the system index to enhance the efficiency of block-chain data retrieval. According to the simulation results, there is a performance advantage of this system over similar systems. [ABSTRACT FROM AUTHOR]

Published

2024

7. Secure electronic medical records sharing scheme based on blockchain and quantum key.

Author

Zhu, Dexin, Sun, Yu, Li, Nianfeng, Song, Lijun, and Zheng, Jun

Subjects

*ELECTRONIC health records, *BLOCKCHAINS, *MEDICAL record databases, *DATA privacy, *ACCESS control, *TEST systems

Abstract

Electronic medical records have the advantages of large storage capacity, convenience, improved efficiency, etc. However, since electronic medical records contain a large amount of patient's private information, if they are stored directly in the cloud server, patients may face the risk of privacy data leakage and electronic medical record data tampering. To solve the above problems, this paper proposes a secure sharing scheme of electronic medical records combining quantum key and blockchain. Based on the true randomness of quantum keys, the multi-user secure forwarding mechanism of quantum keys is designed using proxy re-encryption technology and blockchain. A fine-grained access control scheme for electronic medical records by users with different roles was proposed using data desensitization technology. To facilitate secure retrieval from the cloud server, searchable encryption technology is used. This paper analyzes the comprehensive performance level of the proposed scheme through blockchain performance testing and system efficiency testing. [ABSTRACT FROM AUTHOR]

Published

2024

8. Paper, Paper Everywhere but None of it Controlled?

Author

Burgess, Chris and McDowall, Bob

Subjects

*BUSINESS forms, *BUSINESS records, *BUSINESS records -- Government policy, *INFORMATION storage & retrieval systems, *LABORATORIES, *ACCESS control of records, *ACCESS control

Abstract

One of the common threads in the six data integrity guidance documents published to date is the need to control any blank forms used in regulated GXP laboratories. This month's "Questions of Quality" is focused on how to interpret the regulator's requirements for this topic. We also pose the question: Is paper the best way to record regulated data? [ABSTRACT FROM AUTHOR]

Published

2016

9. An efficient texture descriptor based on local patterns and particle swarm optimization algorithm for face recognition.

Author

Fadaei, Sadegh, Dehghani, Abbas, RahimiZadeh, Keyvan, and Beheshti, Amin

Subjects

*PARTICLE swarm optimization, *HUMAN facial recognition software, *FEATURE extraction, *RECEIVER operating characteristic curves, *ACCESS control

Abstract

Face recognition is used in many applications such as access control, automobile security, criminal identification, immigration, healthcare, cyber security, and so on. Each person has his/her own unique face, so the face can help distinguish people from each other. Feature extraction process plays a fundamental role in accuracy of face recognition, and many algorithms have been presented to extract more informative features from the face image. In this paper, an efficient texture descriptor is proposed based on local information of the face image. In the proposed method, at first, face image is split into several sub-images in such a way that each sub-image includes one of the facial parts such as eyes, nose, and lips. Second, texture features are extracted from each sub-image using a new local pattern descriptor, and then features of sub-images are concatenated to construct feature vector. Finally, the face image is compared to images in a dataset based on a similarity measure. In addition, particle swarm optimization algorithm is used to assign weight to the features of different parts of the face image. To evaluate the proposed algorithm, four face datasets, Yale, ORL, GT and KDEF, are used. Implementation results show that the proposed method outperforms recent methods in terms of accuracy, receiver operating characteristic (ROC) curve, and area under ROC curve. [ABSTRACT FROM AUTHOR]

Published

2024

10. An Efficient Pairing-Free Ciphertext-Policy Attribute-Based Encryption Scheme for Internet of Things.

Author

Guo, Chong, Gong, Bei, Waqas, Muhammad, Alasmary, Hisham, Tu, Shanshan, and Chen, Sheng

Abstract

The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT's security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes. [ABSTRACT FROM AUTHOR]

Published

2024

11. Video security in logistics monitoring systems: a blockchain based secure storage and access control scheme.

Author

Chen, Zigang, Liu, Fan, Li, Danlong, Liu, Yuhong, Yang, Xingchun, and Zhu, Haihua

Subjects

*FORENSIC sciences, *DATA security failures, *DATA warehousing, *STORAGE facilities, *DATA transmission systems, *VIDEO surveillance, *ACCESS control

Abstract

With the rapid development of the logistics industry and the continuous growth of e-commerce, effectively monitoring logistics warehouses has become increasingly important to ensure the security of goods and oversee activities within storage facilities. Although current surveillance systems provide a certain level of security for logistics warehouses, they still face issues such as data tampering, storage, and access management. These challenges can compromise the integrity of surveillance video data, making the system vulnerable to unauthorized access. To address these challenges, this paper proposes the implementation of blockchain-based security management and access control of video data in logistics warehouses. Specifically, the solution employs the Hyperledger Fabric consortium blockchain to execute smart contracts and store the hash values of video data, thereby detecting any tampering and enhancing the security and integrity of the data. Additionally, hybrid encryption technology is utilized to ensure the confidentiality of video data during transmission and storage. Furthermore, the solution leverages the InterPlanetary File System (IPFS) for distributed video storage. This not only increases the redundancy and accessibility of data storage but also reduces the risk of single-point failures. A Role-Based Access Control (RBAC) mechanism is also introduced to strictly manage access permissions to video data, ensuring that only authorized users can access the data, thereby effectively preventing unauthorized access and data breaches. Through a comprehensive analysis of computational and communication costs and the evaluation of blockchain performance at 100 transactions per second for different transaction volumes using Hyperledger Caliper, the results demonstrate the effectiveness and efficiency of the proposed method. Compared to current research, this solution exhibits higher security, providing a new approach for the secure management and access control of video data in logistics warehouses. [ABSTRACT FROM AUTHOR]

Published

2024

12. Fully outsourced and fully verifiable attribute-based encryption for cloud data sharing.

Author

Zhao, Xiaolong and Huang, Zhenjie

Subjects

*DATA encryption, *ACCESS control, *INFORMATION sharing, *COST

Abstract

Verifiable outsourced attribute-based encryption (VO-ABE) enables one-to-many data sharing and fine-grained access control under lower trust, making it suitable for cloud or edge systems involving resource-constrained devices. There is no fully outsourced and fully verifiable attribute-based encryption scheme or key-policy VO-ABE scheme. Moreover, the previous VO-ABE schemes require multiple rounds of interaction or high verification costs to support verifiable outsourced key generation and verifiable outsourced encryption. To address these issues, in this paper, we propose an effective key-policy fully outsourced and fully verifiable attribute-based encryption scheme supporting verifiable outsourced key generation, encryption, and decryption simultaneously. We formally define two new properties: outsourced key generation verifiability and outsourced encryption verifiability. Analysis and simulation show that the proposed scheme performs well and is practical. All local computational overheads of the proposed scheme are constant and do not increase with the number of attributes or the complexity of access structures. [ABSTRACT FROM AUTHOR]

Published

2024

13. IPv6 addressing strategy with improved secure duplicate address detection to overcome denial of service and reconnaissance attacks.

Author

Kumar, Gyanendra, Gankotiya, Anil, Rawat, Sur Singh, Balusamy, Balamurugan, and Selvarajan, Shitharth

Subjects

*DENIAL of service attacks, *ACCESS control, *ENERGY consumption, *RANDOM numbers, *RECONNAISSANCE operations, *INTERNET protocol version 6

Abstract

With technology development, the growing self-communicating devices in IoT networks require specific naming and identification, mainly provided by IPv6 addresses. The IPv6 address in the IoT network is generated by using the stateless auto address configuration (SLAAC) mechanism, and its uniqueness is ensured by the DAD protocol. Recent research suggests that IPv6 deployment can be a risky decision due to the existing SLAAC-based addressing scheme and the DAD protocol being prone to reconnaissance and denial of service (DoS) attacks. This research paper proposes a new IPv6 generation scheme with an improved secure DAD mechanism to address these problems. The proposed addressing scheme generates IPv6 addresses by taking a hybrid approach based on vendor id of medium access control (MAC) address, physical location, and arbitrary random numbers, which mitigates reconnaissance attacks by malicious nodes. To prevent the DAD process from DoS attacks, hybrid values of interface identifier (IID) are multicast instead of actual values. The proposed scheme is evaluated under reconnaissance and DoS attacks in the presence of malicious nodes. The evaluation results demonstrate that the proposed method effectively mitigates reconnaissance and DoS attacks, outperforming the EUI-64 and SEUI-64 schemes in terms of address success rate (ASR), energy consumption, and communication overhead. Specifically, the proposed method significantly reduces the average probing rate for scanning the existence of an IPv6 address, with only a 1% probing rate compared to SEUI-64's 5% and EUI-64's 100%. Furthermore, the additional communication overhead introduced by the proposed method is less than 13% and 11% compared to EUI-64 and SEUI-64, respectively. Additionally, the energy consumption required to assign an IPv6 address using the proposed method is lower by 12% and 5% when compared to EUI-64 and SEUI-64, respectively. These findings highlight the effectiveness of the proposed method in enhancing security and optimizing resource utilization in IPv6 addressing. [ABSTRACT FROM AUTHOR]

Published

2024

14. A Fair MAC Protocol Based on Dual Bandwidth Allocation Iterations in Underwater Acoustic Sensor Networks.

Author

Feng, Libin, Liu, Jingke, Chen, Yanxia, and Yao, Jiangyuan

Subjects

*DATA packeting, *ACCESS control, *BANDWIDTH allocation, *BANDWIDTHS, *FAIRNESS, *SCHEDULING

Abstract

ABSTRACT Most existing passive allocation‐based media access control (MAC) protocols for underwater acoustic sensor networks (UASNs) overlook the fairness issue in channel bandwidth allocation, resulting in certain nodes occupying channel resources for extended periods, thereby leading to low channel utilization. To address this issue, this paper proposes a fair MAC protocol based on dual bandwidth allocation iterations (FBA‐MAC). Firstly, by limiting the maximum number of packets and the maximum number of available time slots that the host node can receive in each communication cycle, the protocol reduces collisions and collisions more effectively, thus controlling the communication delay. Secondly, in the process of channel bandwidth allocation, a dual bandwidth allocation iterative method was used to allocate appropriate channel bandwidth for each member node according to its communication requirements and the generation time of its generated data packets. Finally, in order to minimize the time interval of each packet arriving at the host node to reduce the communication delay, the transmission scheduling scheme was adaptively adjusted by combining the results of channel bandwidth allocation to maximize the channel utilization. Simulation results indicate that compared to the other four MAC protocols, FBA‐MAC demonstrates significant advantages in terms of fairness (10% higher), achieving higher network throughput (10% higher) and shorter end‐to‐end delay. Therefore, FBA‐MAC exhibits superior adaptability and efficiency in dynamic network environments. [ABSTRACT FROM AUTHOR]

Published

2024

15. We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers.

Author

Vrhovec, Simon and Markelj, Blaž

Subjects

*INFORMATION technology security, *ACCESS control, *INTERNET security, *MULTI-factor authentication, *COMPUTER software management, *BOTNETS

Abstract

Cyberattacks pose a significant business risk to organizations. Although there is ample literature focusing on why people pose a major risk to organizational cybersecurity and how to deal with it, there is surprisingly little we know about cyber and information security decision-makers who are essentially the people in charge of setting up and maintaining organizational cybersecurity. In this paper, we study cybersecurity awareness of cyber and information security decision-makers, and investigate factors associated with it. We conducted an online survey among Slovenian cyber and information security decision-makers (N = 283) to (1) determine whether their cybersecurity awareness is associated with adoption of antimalware solutions in their organizations, and (2) explore which organizational factors and personal characteristics are associated with their cybersecurity awareness. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles. They also provide insights into which threats (e.g., distributed denial-of-service (DDoS) attacks, botnets, industrial espionage, and phishing) and solutions (e.g., security operation center (SOC), advanced antimalware solutions with endpoint detection and response (EDR)/extended detection and response (XDR) capabilities, organizational critical infrastructure access control, centralized device management, multi-factor authentication, centralized management of software updates, and remote data deletion on lost or stolen devices) are cyber and information security decision-makers the least aware of. We uncovered that awareness of certain threats and solutions is positively associated with either adoption of advanced antimalware solutions with EDR/XDR capabilities or adoption of SOC. Additionally, we identified significant organizational factors (organizational role type) and personal characteristics (gender, age, experience with information security and experience with information technology (IT)) related to cybersecurity awareness of cyber and information security decision-makers. Organization size and formal education were not significant. These results offer insights that can be leveraged in targeted cybersecurity training tailored to the needs of groups of cyber and information security decision-makers based on these key factors. [ABSTRACT FROM AUTHOR]

Published

2024

16. Attribute-Based Designated Combiner Transitive Signature Scheme.

Author

Hou, Shaonan, Yang, Shaojun, and Lin, Chengjun

Subjects

*ACCESS control, *POLICY discourse, *ALGORITHMS, *DEFINITIONS

Abstract

Transitive signatures allow any entity to obtain a valid signature of (i , k) by combining signatures of (i , j) and (j , k) . However, the traditional transitive signature scheme does not offer fine-grained control over the combiner. To address this issue, we propose a formal definition of the attribute-based designated combiner transitive signature (ABDCTS) and its security model, where only entities whose inherent attributes meet the access policy can combine signatures. By introducing the fine-grained access control structure, control over the combiner is achieved. To demonstrate the feasibility of our primitive, this paper presents the first attribute-based designated combiner transitive signature scheme. Under an adaptive chosen-message attack, we prove its security based on the one-more CDH problem and the co-CDH problem, and that its algorithms have robustness. [ABSTRACT FROM AUTHOR]

Published

2024

17. StreamFilter: a framework for distributed processing of range queries over streaming data with fine-grained access control.

Author

Safaee, Shahab, Mirabi, Meghdad, and Safaei, Ali Asghar

Subjects

*DISTRIBUTED computing, *DATA management, *DATA distribution, *ACCESS control, *INDEXING, *TREES

Abstract

Access control is a fundamental component of any data management system, ensuring the prevention of unauthorized data access. Within the realm of data streams, it plays a crucial role in query processing by facilitating authorized access to them. This paper introduces the StreamFilter framework, which focuses on securely processing queries with range filters over streaming data. Leveraging the Role-Based Access Control model, the StreamFilter framework enables the specification of fine-grained access policies at various levels of granularity, such as tuples and attributes, through the utilization of a bit string structure. To enhance the search operation during data stream query processing, the framework employs a distributed indexing method, constructing a set of smaller B + Tree indices rather than a single large B + Tree index. Furthermore, it seamlessly integrates access authorization evaluation with query processing, efficiently filtering unauthorized parts from the query results. The experimental results demonstrate an approximately 50% increase in efficiency for processing queries with range filters compared to the post-filtering strategy. This improvement is observed across all types of data distribution, including uniform, skew, and hyper skew. [ABSTRACT FROM AUTHOR]

Published

2024

18. Optimization of handoff for joint uplink base station association and power control with max‐min fairness in NOMA small‐cell networks.

Author

Pirnia, Sina, Bakhshi, Hamidreza, Dosaranian‐Moghadam, Mohamad, and Khosravi, Ramin

Subjects

*ACCESS control, *ENERGY consumption, *PROBLEM solving, *FAIRNESS, *ALGORITHMS

Abstract

Summary: The handoff rate and load balancing are two important issues that have a great impact on the spectrum and energy efficiency in the small‐cell networks (SCN). This paper investigates the handoff optimization in SCN with power‐domain non‐orthogonal multiple access (NOMA) that uses successive interference cancelation (SIC), considering the fairness among base stations (BSs). We study the joint base station association and power control problem by considering the motion of mobile users (MUs) and load balancing in the SCNs. Under the maximum allowable transmit power and minimum average‐rate constraints, two optimization problems are formulated using the number of associated MUs, the number of handoffs, and the transmit power of all MUs. The total power consumption minimization and the system‐wide and handoff utility maximization problems are combined into a single‐stage optimization problem through the weighted‐sum method. We solve the formulated problem using a game theory‐based algorithm and primal decomposition theory. The simulation results show that our proposed algorithm can significantly reduce the frequent handoffs and bring a fair power‐controlled BS association in SCN. [ABSTRACT FROM AUTHOR]

Published

2024

19. A cross domain access control model for medical consortium based on DBSCAN and penalty function.

Author

Yao, Chuanjia, Jiang, Rong, Wu, Bin, Li, Pinghui, and Wang, Chenguang

Subjects

*ACCESS control, *MEDICAL technology, *MEDICAL consultation, *BLOCKCHAINS, *STRATEGIC planning

Abstract

Background: Graded diagnosis and treatment, referral, and expert consultations between medical institutions all require cross domain access to patient medical information to support doctors' treatment decisions, leading to an increase in cross domain access among various medical institutions within the medical consortium. However, patient medical information is sensitive and private, and it is essential to control doctors' cross domain access to reduce the risk of leakage. Access control is a continuous and long-term process, and it first requires verification of the legitimacy of user identities, while utilizing control policies for selection and management. After verifying user identity and access permissions, it is also necessary to monitor unauthorized operations. Therefore, the content of access control includes authentication, implementation of control policies, and security auditing. Unlike the existing focus on authentication and control strategy implementation in access control, this article focuses on the control based on access log security auditing for doctors who have obtained authorization to access medical resources. This paper designs a blockchain based doctor intelligent cross domain access log recording system, which is used to record, query and analyze the cross domain access behavior of doctors after authorization. Through DBSCAN clustering analysis of doctors' cross domain access logs, we find the abnormal phenomenon of cross domain access, and build a penalty function to dynamically control doctors' cross domain access process, so as to reduce the risk of Data breach. Finally, through comparative analysis and experiments, it is shown that the proposed cross domain access control model for medical consortia based on DBSCAN and penalty function has good control effect on the cross domain access behavior of doctors in various medical institutions of the medical consortia, and has certain feasibility for the cross domain access control of doctors. [ABSTRACT FROM AUTHOR]

Published

2024

20. ECDSA-secured blockchain architecture for interoperable healthcare in the Internet of Robotic Things (IoRT)

Author

Echikr, Abdessamed, Yachir, Ali, Kerrache, Chaker Abdelaziz, and Sahraoui, Zakaria

Subjects

*TELECOMMUNICATION systems, *PRIVATE networks, *SECURITY systems, *DIGITAL signatures, *ACCESS control, *BLOCKCHAINS

Abstract

The ever-growing Internet of Robotic Things (IoRT) in healthcare settings introduces new challenges in securing sensitive patient data. Existing communication networks within IoRT environments are vulnerable to security breaches. This paper proposes an ECDSA-secured blockchain architecture specifically designed to address these challenges. A key innovation is the implementation of a private blockchain network on ZedBoard development boards for access control and data integrity verification. IoT devices collect patient health data, which is then securely transmitted to a Mobius server for storage, minimizing resource impact on ZedBoards. To further strengthen the security framework, the architecture integrates the Elliptic Curve Digital Signature Algorithm (ECDSA) with Radix-${2^w}$2w optimizations. These optimizations result in a 28% reduction in CPU usage and an 8.96% reduction in memory usage, significantly enhancing cryptographic performance. Practical implementation validates the effectiveness of the proposed approach, providing a robust solution for securing IoRT networks. This research offers valuable insights for industries reliant on the seamless integration of IoT and robotics and concludes with key findings and future research directions, including exploring energy-efficient cryptographic protocols, enhancing scalability through advanced consensus mechanisms, and developing user-friendly interfaces for managing IoRT networks. [ABSTRACT FROM AUTHOR]

Published

2024

21. A bidirectional reversible and multilevel location privacy protection method based on attribute encryption.

Author

Hu, Zhaowei, Hu, Kaiyi, and Hasan, Milu Md Khaled

Subjects

*LOCATION data, *QUALITY of service, *DATA reduction, *PRIVATE security services, *TRUST, *ACCESS control

Abstract

Various methods such as k-anonymity and differential privacy have been proposed to safeguard users' private information in the publication of location service data. However, these typically employ a rigid "all-or-nothing" privacy standard that fails to accommodate users' more nuanced and multi-level privacy-related needs. Data is irrecoverable once anonymized, leading to a permanent reduction in location data quality, in turn significantly diminishing data utility. In the paper, a novel, bidirectional and multi-layered location privacy protection method based on attribute encryption is proposed. This method offers layered, reversible, and fine-grained privacy safeguards. A hierarchical privacy protection scheme incorporates various layers of dummy information, using an access structure tree to encrypt identifiers for these dummies. Multi-level location privacy protection is achieved after adding varying amounts of dummy information at different hierarchical levels N. This allows for precise control over the de-anonymization process, where users may adjust the granularity of anonymized data based on their own trust levels for multi-level location privacy protection. This method includes an access policy which functions via an attribute encryption-based access control system, generating decryption keys for data identifiers according to user attributes, facilitating a reversible transformation between data anonymity and de-anonymity. The complexities associated with key generation, distribution, and management are thus markedly reduced. Experimental comparisons with existing methods demonstrate that the proposed method effectively balances service quality and location privacy, providing users with multi-level and reversible privacy protection services. [ABSTRACT FROM AUTHOR]

Published

2024

22. A Blockchain-Based Access Control System for Secure and Efficient Hazardous Material Supply Chains.

Author

Dai, Yi, Lu, Gehao, and Huang, Yijun

Subjects

*SUPPLY chain management, *HAZARDOUS substances, *ACCESS control, *SUPPLY chains, *SMART materials, *BLOCKCHAINS

Abstract

With the rapid expansion of global trade, the complexity and diversification of supply chains have become increasingly significant. In particular, the supply chain for hazardous materials, involving chemicals and explosives, requires stringent regulation. Managing the flow of these high-risk goods necessitates a reliable access control system to ensure safety and compliance. Traditional supply chain management systems often rely on centralized databases and record-keeping systems, which are prone to tampering and single points of failure, making them inadequate for current high-security demands. This paper combines blockchain technology with a hazardous materials supply chain model. In the blockchain network, our innovation lies in the introduction of a transaction coordinator to create transaction sets for each supply chain entity along with smart contracts to implement access control for these transaction sets. We also propose a new hazardous materials supply chain model architecture and conduct experimental verification using simulated hazardous materials supply chain data. Our experimental results show that the proposed method performs excellently in throughput and latency tests, demonstrating the potential to enhance the efficiency and security of supply chain management. [ABSTRACT FROM AUTHOR]

Published

2024

23. A Novel Fingerprint Segmentation Method by Introducing Efficient Features and Robust Clustering Assignment Technique.

Author

Zaimen, Abderraouf and Bouguezel, Saad

Subjects

*HUMAN fingerprints, *THRESHOLDING algorithms, *GENETIC algorithms, *ACCESS control, *CRIMINAL investigation, *ERROR rates, *IMAGE segmentation

Abstract

Fingerprint recognition systems hold a pivotal role across various modern applications, such as criminal investigation, civil identification, and access control. Fingerprint segmentation is commonly the first stage of fingerprint recognition systems, focusing on extracting the foreground from captured fingerprint images. This helps to reduce extracting false minutiae, speed up the extraction process, and hence, improve the overall system performance. In this paper, we introduce a novel fingerprint segmentation method by first proposing new frequency and intensity features with employing fuzzy-c-means and genetic algorithm, accompanied by proposing a new cluster assignment strategy that involves features weighting and cluster assignment probabilities thresholding which helps to improve the accuracy compared to the standard cluster assignment method. Finally, we introduce a new morphological post-processing technique in order to minimize the misclassified pixels and obtain the final mask. Furthermore, we carry out a comprehensive performance evaluation against leading fingerprint segmentation methods on various known databases. As a result, the proposed method achieves an average error rate of 2.52%, which is much lower than the corresponding errors obtained in the literature. By these experimental results, we show that the proposed method outperforms the best existing methods. [ABSTRACT FROM AUTHOR]

Published

2024

24. PrivShieldROS: An Extended Robot Operating System Integrating Ethereum and Interplanetary File System for Enhanced Sensor Data Privacy.

Author

Wang, Tianhao, Chen, Ke, Zheng, Zhaohua, Guo, Jiahao, Zhao, Xiying, and Zhang, Shenhui

Subjects

*DATA privacy, *IMAGE sensors, *ACCESS control, *BLOCKCHAINS, *DETECTORS

Abstract

With the application of robotics in security monitoring, medical care, image analysis, and other high-privacy fields, vision sensor data in robotic operating systems (ROS) faces the challenge of enhancing secure storage and transmission. Recently, it has been proposed that the distributed advantages of blockchain be taken advantage of to improve the security of data in ROS. Still, it has limitations such as high latency and large resource consumption. To address these issues, this paper introduces PrivShieldROS, an extended robotic operating system developed by InterPlanetary File System (IPFS), blockchain, and HybridABEnc to enhance the confidentiality and security of vision sensor data in ROS. The system takes advantage of the decentralized nature of IPFS to enhance data availability and robustness while combining HybridABEnc for fine-grained access control. In addition, it ensures the security and confidentiality of the data distribution mechanism by using blockchain technology to store data content identifiers (CID) persistently. Finally, the effectiveness of this system is verified by three experiments. Compared with the state-of-the-art blockchain-extended ROS, PrivShieldROS shows improvements in key metrics. This paper has been partly submitted to IROS 2024. [ABSTRACT FROM AUTHOR]

Published

2024

25. Privacy information protection of medical internet based on double chaos encryption algorithm.

Author

Huang, Yonggang, Teng, Teng, Li, Yuanyuan, and Zhang, Minghao

Subjects

*IMAGE encryption, *DATA privacy, *INTERNET, *HEALTH services accessibility, *ALGORITHMS, *ACCESS control

Abstract

In order to avoid the risk of patients' private information leakage, this paper puts forward a research on the protection of medical Internet private information based on double chaotic encryption algorithm. This paper analyzes the quantification of risk indicators for privacy information protection of medical Internet, establishes the risk quantification structure of health care big data according to the quantitative calculation results, and puts forward the strategy of controlling access to health care big data, configuring the risk level, describing the attributes of the system database, and realizing the privacy information protection of medical Internet under the double chaotic encryption algorithm. The experimental results show that the real identity of patients is protected to a certain extent in the protection of private information of medical internet after applying this method. Moreover, this method has high storage integrity and small storage standard deviation, and the method in this paper can effectively resist network intrusion. Therefore, it shows that this method has a good effect of protecting private information of medical Internet. [ABSTRACT FROM AUTHOR]

Published

2024

26. Enhancing online health consultations through fuzzy logic-integrated attribute-based encryption system.

Author

Byeon, Haewon, Tammina, Manoj Ram, Soni, Mukesh, Kuzieva, Nargiza, Jindal, Latika, Keshta, Ismail, and Kulkarni, Mrunalini Harish

Subjects

*ACCESS control, *TECHNOLOGICAL innovations, *MEDICAL personnel, *ARCHITECTURAL models, *FUZZY logic, *MEDICAL records

Abstract

Online health consultations are becoming more popular as a result of technological improvements. Patients routinely look for information about medical disorders online, which could jeopardize the privacy of medical records and increase the workload of healthcare professionals. Nonetheless, academics continue to be extremely concerned about issues related to the quality characteristics that relate to the current architectural models, such as energy consumption, latency, resource utilization, scalability, and packet loss. This method, however, also results in a significant strain being placed on medical experts who must sort through vast amounts of medical records to extract certain information. This paper presents a novel ciphertext policy attribute-based encryption method coupled with fuzzy logic to overcome these issues. This solution uses a hybrid structure of IPFS and blockchain to store data and enables complex bidirectional access control. Before being added to IPFS, medical records are encrypted. To ensure data integrity, related IPFS hash indexes are then added to the blockchain. Utilizing attribute-based technology, users' data is encrypted to give them fine-grained bidirectional access control. A thorough security analysis proves the system's resilience, especially when faced with chosen plaintext assaults inside the random oracle model. Tests for this study were conducted using 10–50 attribute sets. This paper's technique solely makes use of a hash operation. All things considered; the study demonstrates that the proposed design is more efficient than earlier schemes. Thus, from the comparison study above, it can be concluded that the system presented in this work is more efficient. Results from simulations provide additional support for the suggested methodology by highlighting the improved computing efficiency of users as compared to baseline conventional systems. This study demonstrates how technological advancement and healthcare requirements can coexist harmoniously, paving the way for secure and effective online medical consultations that are powered by fuzzy logic. [ABSTRACT FROM AUTHOR]

Published

2024

27. Design and implementation of trust based access control model for cloud computing.

Author

Felix, A. Yovan, Varshini, Chilukuri Sri, and Meghana, Cherukuri Sai Sindhu

Subjects

*TRUST, *BREACH of trust, *DATABASES, *ACCESS control, *DATA security, *CLOUD computing, *INFORMATION sharing

Abstract

Shared data security is a major worry in today's world. An individual uses the data-sharing system to upload a file that has been encrypted with the private key. This feature is essential in any system for sharing huge amounts of data since it makes it hard for the owner of the data to maintain the secrecy of the information if one of the users discloses the important information. It provides a concrete and effective implementation of the strategy, showing its viability and establishing the security of the method. Data owners encounter a variety of challenges when it comes to sharing their data on servers or in the cloud. These problems have a number of solutions. These techniques are essential for handling keys that the data owner has shared. The purpose of the paper is to establish trusted authority for user authentication when accessing cloud data. A trustworthy authority generates the key using the SHA algorithm, which is subsequently sent to both the user and the owner. After receiving an AES-encrypted file from the data owner, the trusted authority module computes the hash value using the MD-5 method. Its database contains keys that will be used to detect during dynamic operations which user is abusing the system. The file is sent from a trustworthy source to the CSP module, which saves it in the cloud. It is demonstrated that the produced key sets have a variety of desired qualities that protect communication session confidentiality from collusion assaults by other network nodes. The proposed model provides a flexible and scalable approach to access control, as it allows administrators to define different trust levels and policies for different cloud resources. This model also includes mechanisms for monitoring user behavior and detecting anomalies that may indicate a breach of trust. The access control model offers an effective solution for securing cloud computing environments while ensuring that users can access the resources, they need to perform their tasks. [ABSTRACT FROM AUTHOR]

Published

2024

28. Research Paper Recommender System Evaluation Using Collaborative Filtering.

Author

Haruna, Khalid and Ismail, Maizatul Akmar

Subjects

*INFORMATION filtering, *INFORMATION retrieval, *INTERNET censorship, *CONTENT filters (Computer science), *ACCESS control

Abstract

Several approaches have been proposed to help researchers in retrieving relevant and useful information from the cyber-ocean of information. However, the approaches assumed the academic content to be easily accessible, which is not always the case considering the copyright restrictions. Different from the existing works, we proposed a collaborative approach that leverages public contextual metadata to personalize scholarly recommendations. Our proposed approach has the ability to recommend research papers to the individual researchers regardless of the researcher expertise and research field. As demonstrated using a freely accessible dataset, our proposed approach have shown significant improvements over another baseline method. [ABSTRACT FROM AUTHOR]

Published

2018

29. Study: Cryptography for information security.

Author

Gayathri, M. S. and Preethi, V.

Subjects

*INFORMATION technology security, *MATHEMATICAL formulas, *CRYPTOGRAPHY, *DATA integrity, *ACCESS control, *COMPUTER engineering

Abstract

In this paper, a study is based on the cryptography technique for computer science engineering and it is used to transfer readable text into another form that can't be easily understood. Scientifically, it is a technique that involves the study of formulas of mathematics and protecting the information which secures the data. The information can be confidential, authentic, have access control, data integrity, non-repudiation, etc. It is used by mankind to transfer confidential messages without any corruption in the message. Cryptography has changed quickly in little time. Also, this paper discusses the terms used in cryptography, the types of cryptography, and the comparative analysis between them. [ABSTRACT FROM AUTHOR]

Published

2024

30. Dynamic fine-grained access control for smart contracts based on improved attribute-based signature.

Author

Xiangyu, Wu, Xuehui, Du, Qiantao, Yang, Aodi, Liu, and Wenjuan, Wang

Abstract

Access control for smart contracts is the primary security mechanism for protecting users’ digital assets. However, existing solutions have defects in control granularity and flexibility, and a large number of resource-constrained blockchain nodes impose stringent and lightweight requirements on access control mechanisms. Therefore, achieving secure, efficient, and flexible access control for smart contracts has become a key issue that blockchain applications need to address. Based on the attribute-based access control model, this paper utilizes attribute-based signature (ABS) to achieve flexible and efficient access control for smart contracts. First, to solve the problem that existing ABS schemes are not suitable for resource-constrained blockchain nodes because they are mainly based on expensive bilinear pairing, a lightweight no-pairing attribute-based signature scheme called LABS is designed to make the signature size independent of the user’s attribute set and decouple the signature from the verification policy. Then, based on the LABS scheme, a smart contract-oriented access control mechanism (DSCABS) is proposed to ensure that only legitimate users whose attributes satisfy the access policy can be authorized to invoke smart contracts. Also, DSCABS supports dynamic updates of user rights and contract access policies without modifying or redeploying the smart contract. Finally, the effectiveness of the proposed scheme is verified by simulation experiments. [ABSTRACT FROM AUTHOR]

Published

2025

31. A secure VM live migration technique in a cloud computing environment using blowfish and blockchain technology.

Author

Gupta, Ambika, Namasudra, Suyel, and Kumar, Prabhat

Subjects

*VIRTUAL machine systems, *DATA privacy, *ACCESS control, *QUALITY of service, *COMMUNICATION infrastructure

Abstract

Data centres have become the backbone of infrastructure for delivering cloud services. In the emerging cloud computing paradigm, virtual machine (VM) live migration involves moving a running VM across hosts without visible interruption to the client. Security vulnerabilities, resource optimization, and maintaining the quality of service are key issues in live VM migration. Maintaining security in VM live migration is one of the critical concerns. To create a secure environment, this paper proposes a live migration technique using the blowfish cryptographic algorithm for encryption and decryption, along with blockchain technology, to address challenges such as decentralization, data privacy, and VM security. The algorithms, namely key management blowfish encryption (KMBE), access control searchable encryption (ACSE), protected searchable destination server (PSDS), and key expansion blowfish decryption (KEBD), improve security in VM live migration in terms of various parameters such as data centre request servicing time, response time, and data transfer cost. The proposed technique KMBE improves migration cost ($) by 60–70%, ACSE reduces overall energy consumption (w) by 70–80%, PSDS reduces makespan (ms) by 40–50%, and KEBD improves the security in live VM migration by 30–40%. [ABSTRACT FROM AUTHOR]

Published

2024

32. An enhanced and verifiable lightweight authentication protocol for securing the Internet of Medical Things (IoMT) based on CP-ABE encryption.

Author

Jebrane, Jihane and Lazaar, Saiida

Subjects

*COVID-19 pandemic, *ELLIPTIC curves, *INTERNET of things, *ACCESS control, *DATA transmission systems, *NEAR field communication

Abstract

The integration of the Internet of Things into patient monitoring devices has garnered significant attention, especially in response to the COVID-19 pandemic's increased focus on telecare services. However, Internet of Medical Things (IoMT) devices are constrained by computational power, memory, and bandwidth, making them vulnerable to security risks associated with data transmissions over public networks. Effective authentication is essential for safeguarding patient data and preventing unauthorized control of medical sensors. Existing IoMT authentication protocols frequently fall short, exposing critical vulnerabilities such as replay and impersonation attacks. This paper extends our prior work on the Improved Lightweight Authentication Protocol (ILAPU-Q), which is based on elliptic curves and the U-Quark hash function. We enhance the ILAPU-Q scheme and present a more secure authentication protocol for embedded medical devices. This enhancement relies on Ciphertext Policy-Attribute Based Encryption (CP-ABE), enabling data sources to protect information by cryptographically enforcing access policies. Implementing CP-ABE within the Telemedicine Information System framework eliminates the need for secure data transmission or storage at a dedicated location. Comprehensive security evaluations, conducted using AVISPA and Burrows-Abadi-Needham logic (BAN Logic), confirm the protocol's resilience against a broad spectrum of attacks. Moreover, performance assessments reveal significant advancements in computational efficiency, communication overhead, and storage requirements. Notably, our protocol demonstrates an efficiency improvement of approximately 95–98% over other protocols. This substantial improvement in security and performance underscores the practical value and potential of our protocol in advancing IoMT security standards. [ABSTRACT FROM AUTHOR]

Published

2024

33. Wearing: Art, the Body, and Distance.

Author

Yodanis, Carrie

Subjects

*ART objects, *JEWELRY boxes, *ACCESS control, *JEWELRY, *ARGUMENT

Abstract

AbstractWhy are the objects we place on our bodies not considered art? In this paper, I argue that distance between an object and the body is a criterion for a craft object to become an art object. Art objects are kept at a distance from most bodies. The distance is tightly maintained by the art world and used within the art world to control art and access to it. In the process, this distance defines an object as art. I present the case of jewelry – objects that do not transition from craft to art and are generally not accepted as art by the art world. I argue that this is because jewelry necessarily requires closeness between the body and the object, a violation of the rules of art. The argument I present here is relevant to questions of fashion and art. [ABSTRACT FROM AUTHOR]

Published

2024

34. Energy-Efficient Clustering in Wireless Sensor Networks Using Grey Wolf Optimization and Enhanced CSMA/CA.

Author

Kaddi, Mohammed, Omari, Mohammed, Salameh, Khouloud, and Alnoman, Ali

Subjects

*NETWORK performance, *WIRELESS sensor networks, *ENERGY consumption, *POWER transmission, *DATA transmission systems, *ACCESS control

Abstract

Survivability is a critical concern in WSNs, heavily influenced by energy efficiency. Addressing severe energy constraints in WSNs requires solutions that meet application goals while prolonging network life. This paper presents an Energy Optimization Approach (EOAMRCL) for WSNs, integrating the Grey Wolf Optimization (GWO) for enhanced performance. EOAMRCL aims to enhance energy efficiency by selecting the optimal duty-cycle schedule, transmission power, and routing paths. The proposed approach employs a centralized strategy using a hierarchical network architecture. During the cluster formation phase, an objective function, augmented with GWO, determines the ideal cluster heads (CHs). The routing protocol then selects routes with minimal energy consumption for data transmission to CHs, using transmission power as a metric. In the transmission phase, the MAC layer forms a duty-cycle schedule based on cross-layer routing information, enabling nodes to switch between active and sleep modes according to their network allocation vectors (NAVs). This process is further optimized by an enhanced CSMA/CA mechanism, which incorporates sleep/activate modes and pairing nodes to alternate between active and sleep states. This integration reduces collisions, improves channel assessment accuracy, and lowers energy consumption, thereby enhancing overall network performance. EOAMRCL was evaluated in a MATLAB environment, demonstrating superior performance compared with EEUC, DWEHC, and CGA-GWO protocols, particularly in terms of network lifetime and energy consumption. This highlights the effectiveness of integrating GWO and the updated CSMA/CA mechanism in achieving optimal energy efficiency and network performance. [ABSTRACT FROM AUTHOR]

Published

2024

35. Context-Aware Risk Attribute Access Control.

Author

Li, Binyong, Yang, Fan, and Zhang, Shaowei

Subjects

*ACCESS control, *ADAPTIVE control systems, *ACCESS to information, *GAME theory, *RISK assessment

Abstract

Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model's performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system's adaptability to risk fluctuations while safeguarding sensitive information. [ABSTRACT FROM AUTHOR]

Published

2024

36. Deep Learning System for User Identification Using Sensors on Doorknobs.

Author

Vegas, Jesús, Rao, A. Ravishankar, and Llamas, César

Subjects

*DEEP learning, *SYSTEM identification, *MACHINE learning, *DOOR knobs, *ALGORITHMS, *GYROSCOPES

Abstract

Door access control systems are important to protect the security and integrity of physical spaces. Accuracy and speed are important factors that govern their performance. In this paper, we investigate a novel approach to identify users by measuring patterns of their interactions with a doorknob via an embedded accelerometer and gyroscope and by applying deep-learning-based algorithms to these measurements. Our identification results obtained from 47 users show an accuracy of 90.2%. When the sex of the user is used as an input feature, the accuracy is 89.8% in the case of male individuals and 97.0% in the case of female individuals. We study how the accuracy is affected by the sample duration, finding that is its possible to identify users using a sample of 0.5 s with an accuracy of 68.5%. Our results demonstrate the feasibility of using patterns of motor activity to provide access control, thus extending with it the set of alternatives to be considered for behavioral biometrics. [ABSTRACT FROM AUTHOR]

Published

2024

37. Software-Defined Radio Implementation of a LoRa Transceiver.

Author

de Omena Simas, João Pedro, Riviello, Daniel Gaetano, and Garello, Roberto

Subjects

*SOFTWARE radio, *INTERNET radio, *ACCESS control, *REVERSE engineering, *INTERNET of things

Abstract

The number of applications of low-power wide-area networks (LPWANs) has been growing quite considerably in the past few years and so has the number of protocol stacks. Despite this fact, there is still no fully open LPWAN protocol stack available to the public, which limits the flexibility and ease of integration of the existing ones. The closest to being fully open is LoRa; however, only its medium access control (MAC) layer, known as LoRaWAN, is open and its physical and logical link control layers, also known as LoRa PHY, are still only partially understood. In this paper, the essential missing aspects of LoRa PHY are not only reverse engineered, but also, a new design of the transceiver and its sub-components are proposed and implemented in a modular and flexible way using GNU Radio. Finally, some examples of applications of both the transceiver and its components, which are made to be run in a simple setup by using cheap and widely available off-the-shelf hardware, are given to show how the library can be used and extended. [ABSTRACT FROM AUTHOR]

Published

2024

38. SSH-MAC: Service-Aware and Scheduling-Based Media Access Control Protocol in Underwater Acoustic Sensor Network.

Author

Zhao, Hongyu, Chen, Huifang, and Xie, Lei

Subjects

*SENSOR networks, *ACCESS control, *END-to-end delay, *RESOURCE allocation, *ENVIRONMENTAL monitoring, *WIRELESS sensor networks, *DATA transmission systems

Abstract

In the framework of the space-air-ground-ocean integrated network, the underwater acoustic sensor network (UASN) plays a pivotal role. The design of media access control (MAC) protocols is essential for the UASN to ensure efficient and reliable data transmission. From the perspective of differentiated services in the UASN, a service-aware and scheduling-based hybrid MAC protocol, named the SSH-MAC protocol, is proposed in this paper. In the SSH-MAC protocol, the centralized scheduling strategy is adopted by sensor nodes with environmental monitoring service, and the distributed scheduling strategy is adopted by sensor nodes with target detection service. Considering the time-varying data generation rate of sensor nodes, the sink node will switch the scheduling mode of sensor nodes based on the specific control packet and adjust the resource allocation ratio between centralized scheduling and distributed scheduling. Simulation results show that the performance of the SSH-MAC protocol, in terms of utilization, end-to-end delay, packet delivery ratio, energy consumption, and payload efficiency, is good. [ABSTRACT FROM AUTHOR]

Published

2024

39. Adaptive context-aware access control for IoT environments leveraging fog computing.

Author

Kalaria, Rudri, Kayes, A. S. M., Rahayu, Wenny, Pardede, Eric, and Salehi Shahraki, Ahmad

Subjects

*ACCESS control, *INTERNET of things, *ROBUST control, *INFORMATION policy, *FOG

Abstract

The increasing use of the Internet of Things (IoT) has driven the demand for enhanced and robust access control methods to protect resources from unauthorized access. A cloud-based access control approach brings significant challenges in terms of communication overhead, high latency, and complete reliance. In this paper, we propose a Fog-Based Adaptive Context-Aware Access Control (FB-ACAAC) framework for IoT devices, dynamically adjusting access policies based on contextual information to prevent unauthorised resource access. The main purpose of FB-ACAAC is to provide adaptability to changing access behaviors and context by bringing decision-making and information about policies closer to the end nodes of the network. FB-ACAAC improves the availability of resources and reduces the amount of time for information to be processed. FB-ACAAC extends the widely used eXtensible Access Control Markup Language (XACML) to manage access control decisions. Traditional XACML-based methods do not take into account changing environments, different contexts, and changing access behaviors and are vulnerable to certain types of attacks. To address these issues, FB-ACAAC proposes an adaptive context-aware XACML scheme for heterogeneous distributed IoT environments using fog computing and is designed to be context-aware, adaptable, and secure in the face of unauthorised access. The effectiveness of this new scheme is verified through experiments, and it has a low processing time overhead while providing extra features and improved security. [ABSTRACT FROM AUTHOR]

Published

2024

40. MAC approaches to communication efficiency and reliability under dynamic network traffic in wireless body area networks: a review.

Author

Herculano, Jorge, Pereira, Willians, Guimarães, Marcelo, Cotrim, Reinaldo, de Sá, Alirio, Assis, Flávio, Macêdo, Raimundo, and Gorender, Sérgio

Subjects

*BODY area networks, *COMPUTER network traffic, *WIRELESS sensor networks, *BODY sensor networks, *HUMAN body, *ACCESS control

Abstract

Wireless Body Area Networks (WBANs) are wireless sensor networks that monitor the physiological and contextual data of the human body. Nodes in a WBAN communicate using short-range and low-power transmissions to minimize any impact on the human body's health and mobility. These transmissions thus become subject to failures caused by radiofrequency interference or body mobility. Additionally, WBAN applications typically have timing constraints and carry dynamic traffic, which can change depending on the physiological conditions of the human body. Several approaches for the Medium Access Control (MAC) sublayer have been proposed to improve the reliability and efficiency of the WBANs. This paper proposes and uses a systematic literature review (SLR) method to identify, classify, and statistically analyze the published works with MAC approaches for WBAN efficiency and reliability under dynamic network traffic, radiofrequency interference, and body mobility. In particular, we extend a traditional SLR method by adding a new step to select publications based on qualitative parameters. As a result, we identify the challenges and proposed solutions, highlight advantages and disadvantages, and suggest future works. [ABSTRACT FROM AUTHOR]

Published

2024

41. Machine learning-based intelligent security framework for secure cloud key management.

Author

Ahmad, Shahnawaz, Mehfuz, Shabana, Urooj, Shabana, and Alsubaie, Najah

Subjects

*ENCRYPTION protocols, *ACCESS control, *REGULATORY compliance, *FINANCIAL institutions, *HAZARDS

Abstract

Ensuring the confidentiality, integrity, and availability of sensitive data in cloud environments relies heavily on the robust management of cryptographic keys. With the expansion of cloud usage and the increase in data volumes, ensuring the security and reliability of key management services is becoming an essential aspect of overall cloud security. These policies encompass various aspects, such as the lifecycle management of keys, controlling access, encryption protocols, and safeguarding keys, all of which collectively contribute to enhanced security and compliance with regulatory requirements. Two case studies demonstrate the application of existing frameworks in a financial institution and a healthcare organization. The paper concludes by highlighting potential applications and use cases across different industries. This study introduces a secure application management framework within the realm of cloud security called the secure policies of cloud security framework (SPCSF). SPCSF is built around the idea of implementing precise control over application permissions and encrypting REST API communications to enhance protection against malicious attacks. The framework is made up of two main parts: (i) a permission detection engine that determines whether an application's permissions are legitimate. By looking at permission manifests, byte codes, and cross-referencing permissions against a well-defined list of sensitive APIs, it accomplishes this. (ii) Registration Authorization Engine: this engine makes it easier for applications to register securely with the controller. It makes use of a suggested technique for safe authentication, allowing or denying applications access to requested REST APIs based on the level of danger they pose. With this strategy, approved and secure access to vital resources is guaranteed. [ABSTRACT FROM AUTHOR]

Published

2024

42. SDTA: Secure Decentralized Trading Alliance for Electronic Medical Data.

Author

Zhang, Xi, Su, Ye, Qin, Jing, and Sun, Jiameng

Subjects

*ELECTRONIC health records, *MEDICAL databases, *ELECTRONIC data interchange, *DATA security failures, *INFORMATION retrieval

Abstract

Massive medical data are indispensable for training diagnostic models to provide high-quality health monitoring services. The methods for sharing data in existing works involve securely and essentially copying data but often overlook the integration and efficiency of data storage, exchange and application. In this paper, we propose a Secure Decentralized Trading Alliance (SDTA) to encompass the entire process holistically. With monetary incentives, we formulate a chain-net structure for recording data digests and authentic transactions, thereby transforming data sharing into data trading without duplicating data storage. Data privacy is promised by encryption. To manage and employ encrypted medical data, users can update and search their encrypted data using an index and keywords, subsequently retrieving data within the SDTA framework. It is realized by a novel dynamic searchable symmetric encryption (SSE) with an |$l$| -level access strategy, which confines users to data pertinent solely to them, thus circumventing unnecessary data leakage. We scrutinize the storage efficiency and prove the fairness and security of SDTA. Finally, we generate datasets of varying sizes, where the time required to search for a single keyword is approximately 0.04 s with 1 000 000 (keyword, identifier) pairs, showing it quite acceptable. [ABSTRACT FROM AUTHOR]

Published

2024

43. An image partition security-sharing mechanism based on blockchain and chaotic encryption.

Author

Wang, Na, Wang, Xiaochang, Liu, Aodi, Wang, Wenjuan, Ding, Yan, Wu, Xiangyu, and Du, Xuehui

Subjects

*IMAGE segmentation, *IMAGE encryption, *ACCESS control, *BLOCKCHAINS, *PUBLIC spaces, *AUTOMATIC control systems, *ALGORITHMS

Abstract

To ensure optimal use of images while preserving privacy, it is necessary to partition the shared image into public and private areas, with public areas being openly accessible and private areas being shared in a controlled and privacy-preserving manner. Current works only facilitate image-level sharing and use common cryptographic algorithms. To ensure efficient, controlled, and privacy-preserving image sharing at the area level, this paper proposes an image partition security-sharing mechanism based on blockchain and chaotic encryption, which mainly includes a fine-grained access control method based on Attribute-Based Access Control (ABAC) and an image-specific chaotic encryption scheme. The proposed fine-grained access control method employs smart contracts based on the ABAC model to achieve automatic access control for private areas. It employs a Cuckoo filter-based transaction retrieval technique to enhance the efficiency of smart contracts in retrieving security attributes and policies on the blockchain. The proposed chaotic encryption scheme generates keys based on the private areas' security attributes, largely reducing the number of keys required. It also provides efficient encryption with vector operation acceleration. The security analysis and performance evaluation were conducted comprehensively. The results show that the proposed mechanism has lower time overhead than current works as the number of images increases. [ABSTRACT FROM AUTHOR]

Published

2024

44. Blockchain-Based Caching Architecture for DApp Data Security and Delivery.

Author

Kim, Daun and Park, Sejin

Subjects

*DATA security, *BLOCKCHAINS, *CACHE memory, *DATA integrity, *ACCESS control, *QUALITY of service

Abstract

Decentralized applications (DApps) built on blockchain technology offer a promising solution to issues caused by centralization. However, traditional DApps leveraging off-chain storage face performance challenges due to factors such as storage location, network speed, and hardware conditions. For example, decentralized storage solutions such as IPFS suffer from diminished download performance due to I/O constraints influenced by data access patterns. Aiming to enhance the Quality of Service (QoS) in DApps built on blockchain technology, this paper proposes a blockchain node-based distributed caching architecture that guarantees real-time responsiveness for users. The proposed architecture ensures data integrity and user data ownership through blockchain while maintaining cache data consistency through local blockchain data. By implementing local cache clusters on blockchain nodes, our system achieves rapid response times. Additionally, attribute-based encryption is applied to stored content, enabling secure content sharing and access control, which prevents data leakage and unauthorized access in unreliable off-chain storage environments. Comparative analysis shows that our proposed system achieves a reduction in request processing latency of over 89% compared to existing off-chain solutions, maintaining cache data consistency and achieving response times within 65 ms. This demonstrates the model's effectiveness in providing secure and high-performance DApp solutions. [ABSTRACT FROM AUTHOR]

Published

2024

45. Enhancement of VoWiFi cell capacity using A‐MPDU frame aggregation technique in WiFi 6 considering VBR traffic.

Author

Chinmay, Ayes and Kumar Pati, Hemanta

Subjects

*WIRELESS LANs, *IEEE 802.11 (Standard), *TELECOMMUNICATION, *NETWORK performance, *WIRELESS communications, *COMMUNICATION of technical information, *ACCESS control

Abstract

Summary: The rapid growth in wireless communication technology and the proliferation of multimedia applications, specifically Voice over Wireless Fidelity (VoWiFi), necessitate the exploration of innovative techniques for improving network performance and quality‐of‐service (QoS). This research paper presents an innovative approach to enhance VoWiFi cell capacity using aggregate medium access control protocol data unit (A‐MPDU) frame aggregation for variable bit rate (VBR) traffic. In this research article, we investigated the effect that the retransmission of voice packets has on the cell capacity of a wireless local area network (WLAN) standard that provides VoWiFi service while taking into account the A‐MPDU approach. When taking into consideration the constant bit rate (CBR) and VBR traffics, we compared the results obtained using WiFi 6 (i.e., IEEE 802.11ax) with older WLAN standards such as IEEE 802.11b/g/n/ac. [ABSTRACT FROM AUTHOR]

Published

2024

46. A Multi-Phase SMO-Based MAC Protocol for IoT-Enabled WBAN Systems.

Author

Kumar, Sachin and Verma, Pawan Kumar

Subjects

*DATA packeting, *STRUCTURAL frames, *ACCESS control, *BANDWIDTHS, *MONKEYS, *BODY area networks, *DATA transmission systems

Abstract

This paper proposes an optimised Medium Access Control (MAC) protocol to minimise the number of channel access collisions and to improve the bandwidth efficiency of IoT-based Wireless Body Area Networks (WBANs). The frame structure of the proposed MAC protocol consists of three different phases, namely Contention Phase (CP), Transmission Phase (TP), and Inactive Phase (IP). During CP, the proposed protocol prioritises the life-sensitive data. Based on allocated priority, the communicating sensor nodes (SNs) compete for channel access. During TP, the successful SNs transmit their data. We use TDMA mechanism for data transmission and Spider Monkey Optimisation (SMO) technique to improve the bandwidth efficiency of the system by selecting the best possible TDMA time slot according to the data packet size of the SNs. During IP, the SNs go into sleep mode to save energy. We simulate the scenario on MATLAB simulator. The simulation results show that the proposed SMO-MAC improves the throughput by 22.23%, 14.00%, and 17.62%, residual energy by 60.76%, 81.17%, and 124.34%, communication reliability by 70.32%, 52.60%, and 52.60%, and data packet transmission delay by 80.74%, 70.10%, and 77.40% as compared to DRT-MAC, PSO-MAC, and GA-MAC, respectively. [ABSTRACT FROM AUTHOR]

Published

2024

47. Cooperative Communication Based Protocols for Underwater Wireless Sensors Networks: A Review.

Author

Khan, Muhammad Shoaib, Petroni, Andrea, and Biagi, Mauro

Subjects

*WIRELESS sensor networks, *SENSOR networks, *MACHINE learning, *LITERATURE reviews, *SUBMERGED structures, *COMPUTER network protocols, *ACCESS control, *TELECOMMUNICATION systems

Abstract

Underwater wireless sensor networks are gaining popularity since supporting a broad range of applications, both military and civilian. Wireless acoustics is the most widespread technology adopted in underwater networks, the realization of which must face several challenges induced by channel propagation like signal attenuation, multipath and latency. In order to address such issues, the attention of researchers has recently focused on the concept of cooperative communication and networking, borrowed from terrestrial systems and to be conveniently recast in the underwater scenario. In this paper, we present a comprehensive literature review about cooperative underwater wireless sensor networks, investigating how nodes cooperation can be exploited at the different levels of the network protocol stack. Specifically, we review the diversity techniques employable at the physical layer, error and medium access control link layer protocols, and routing strategies defined at the network layer. We also provide numerical results and performance comparisons among the most widespread approaches. Finally, we present the current and future trends in cooperative underwater networks, considering the use of machine learning algorithms to efficiently manage the different aspects of nodes cooperation. [ABSTRACT FROM AUTHOR]

Published

2024

48. A heterogeneous graph-based semi-supervised learning framework for access control decision-making.

Author

Yin, Jiao, Chen, Guihong, Hong, Wei, Cao, Jinli, Wang, Hua, and Miao, Yuan

Abstract

For modern information systems, robust access control mechanisms are vital in safeguarding data integrity and ensuring the entire system’s security. This paper proposes a novel semi-supervised learning framework that leverages heterogeneous graph neural network-based embedding to encapsulate both the intricate relationships within the organizational structure and interactions between users and resources. Unlike existing methods focusing solely on individual user and resource attributes, our approach embeds organizational and operational interrelationships into the hidden layer node embeddings. These embeddings are learned from a self-supervised link prediction task based on a constructed access control heterogeneous graph via a heterogeneous graph neural network. Subsequently, the learned node embeddings, along with the original node features, serve as inputs for a supervised access control decision-making task, facilitating the construction of a machine-learning access control model. Experimental results on the open-sourced Amazon access control dataset demonstrate that our proposed framework outperforms models using original or manually extracted graph-based features from previous works. The prepossessed data and codes are available on GitHub,facilitating reproducibility and further research endeavors. [ABSTRACT FROM AUTHOR]

Published

2024

49. Analysis of Biometric-Based Cryptographic Key Exchange Protocols—BAKE and BRAKE.

Author

Gorski, Maksymilian and Wodo, Wojciech

Subjects

*BIOMETRIC identification, *ACCESS control, *ONLINE banking, *SECURITY systems, *ONLINE identities, *BRAKE systems, *BIOMETRY

Abstract

Biometric authentication methods offer high-quality mechanisms to confirm the identity of individuals in security systems commonly used in the modern world, such as physical access control, online banking, or mobile device unlocking. They also find their application in cryptographic solutions, which allow the biometrically authenticated exchange of cryptographic keys between users and services on the internet, despite the fuzziness of biometric data. Such solutions are BAKE (biometrics-authenticated key exchange) and BRAKE (biometric-resilient authenticated key exchange) protocols, upon which our work is based. However, the direct application of fuzzy biometrics in cryptography, which relies heavily on the accuracy of single-bit secret values, is not trivial. Therefore, this paper is devoted to analyzing the security of this idea and the feasibility of implementing biometric AKE (authenticated key exchange) protocols, with an emphasis on the BRAKE protocol. As the results of our analysis, we discuss BRAKE's limitations and vulnerabilities, which need to be appropriately addressed to implement the protocol in modern systems. [ABSTRACT FROM AUTHOR]

Published

2024

50. Channel utilization of media access control protocols for underwater acoustic networks with propagation delay and mobilitya).

Author

Wang, Ruoyu and Zheng, Y. Rosa

Subjects

*ACCESS control, *UNDERWATER acoustic communication, *ARTIFICIAL intelligence, *TELECOMMUNICATION systems, *SUBMERGED structures, *CLASSROOM environment

Abstract

This paper investigates the impact of mobility on underwater acoustic communication networks in which the propagation delay is comparable to or larger than the packet duration. An underwater acoustic wireless network, consisting of static and mobile nodes, is studied for its link-layer channel utilization. Synchronous and asynchronous media access control (MAC) protocols are employed with ALOHA, TDMA (time-division multiple access), and artificial intelligence (AI) agent nodes. The simulation results of a multi-node network show that the asynchronous MAC protocols achieve up to 6.66× higher channel utilization than synchronous protocols by allowing time slots to be shorter than the maximum propagation delay among nodes and permitting asynchronous transmission time. The high mobility of a few mobile nodes also favors asynchronous protocols and increases the overall channel utilization. However, node mobility causes more difficulties for the AI node to learn the environment, which may be ineffective to achieve higher gains in channel utilization. [ABSTRACT FROM AUTHOR]

Published

2024