Showing total 96 results

1. Privacy information protection of medical internet based on double chaos encryption algorithm.

Author

Huang, Yonggang, Teng, Teng, Li, Yuanyuan, and Zhang, Minghao

Subjects

*IMAGE encryption, *DATA privacy, *INTERNET, *HEALTH services accessibility, *ALGORITHMS, *ACCESS control

Abstract

In order to avoid the risk of patients' private information leakage, this paper puts forward a research on the protection of medical Internet private information based on double chaotic encryption algorithm. This paper analyzes the quantification of risk indicators for privacy information protection of medical Internet, establishes the risk quantification structure of health care big data according to the quantitative calculation results, and puts forward the strategy of controlling access to health care big data, configuring the risk level, describing the attributes of the system database, and realizing the privacy information protection of medical Internet under the double chaotic encryption algorithm. The experimental results show that the real identity of patients is protected to a certain extent in the protection of private information of medical internet after applying this method. Moreover, this method has high storage integrity and small storage standard deviation, and the method in this paper can effectively resist network intrusion. Therefore, it shows that this method has a good effect of protecting private information of medical Internet. [ABSTRACT FROM AUTHOR]

Published

2024

2. A Novel IDS with a Dynamic Access Control Algorithm to Detect and Defend Intrusion at IoT Nodes.

Author

Alazab, Moutaz, Awajan, Albara, Alazzam, Hadeel, Wedyan, Mohammad, Alshawi, Bandar, and Alturki, Ryan

Subjects

*INTRUSION detection systems (Computer security), *ACCESS control, *INTERNET of things, *ALGORITHMS, *FALSE alarms, *MATHEMATICAL analysis

Abstract

The Internet of Things (IoT) is the underlying technology that has enabled connecting daily apparatus to the Internet and enjoying the facilities of smart services. IoT marketing is experiencing an impressive 16.7% growth rate and is a nearly USD 300.3 billion market. These eye-catching figures have made it an attractive playground for cybercriminals. IoT devices are built using resource-constrained architecture to offer compact sizes and competitive prices. As a result, integrating sophisticated cybersecurity features is beyond the scope of the computational capabilities of IoT. All of these have contributed to a surge in IoT intrusion. This paper presents an LSTM-based Intrusion Detection System (IDS) with a Dynamic Access Control (DAC) algorithm that not only detects but also defends against intrusion. This novel approach has achieved an impressive 97.16% validation accuracy. Unlike most of the IDSs, the model of the proposed IDS has been selected and optimized through mathematical analysis. Additionally, it boasts the ability to identify a wider range of threats (14 to be exact) compared to other IDS solutions, translating to enhanced security. Furthermore, it has been fine-tuned to strike a balance between accurately flagging threats and minimizing false alarms. Its impressive performance metrics (precision, recall, and F1 score all hovering around 97%) showcase the potential of this innovative IDS to elevate IoT security. The proposed IDS boasts an impressive detection rate, exceeding 98%. This high accuracy instills confidence in its reliability. Furthermore, its lightning-fast response time, averaging under 1.2 s, positions it among the fastest intrusion detection systems available. [ABSTRACT FROM AUTHOR]

Published

2024

3. A Self-Localization Algorithm for Mobile Targets in Indoor Wireless Sensor Networks Using Wake-Up Media Access Control Protocol.

Author

Souissi, Rihab, Sahnoun, Salwa, Baazaoui, Mohamed Khalil, Fromm, Robert, Fakhfakh, Ahmed, and Derbel, Faouzi

Subjects

*WIRELESS sensor networks, *WIRELESS localization, *ACCESS control, *C++, *ALGORITHMS, *ENERGY consumption, *DENTAL adhesives, *MOBILE apps

Abstract

Indoor localization of a mobile target represents a prominent application within wireless sensor network (WSN), showcasing significant values and scientific interest. Interference, obstacles, and energy consumption are critical challenges for indoor applications and battery replacements. A proposed tracking system deals with several factors such as latency, energy consumption, and accuracy presenting an innovative solution for the mobile localization application. In this paper, a novel algorithm introduces a self-localization algorithm for mobile targets using the wake-up media access control (MAC) protocol. The developed tracking application is based on the trilateration technique with received signal strength indication (RSSI) measurements. Simulations are implemented in the objective modular network testbed in C++ (OMNeT++) discrete event simulator using the C++ programming language, and the RSSI values introduced are based on real indoor measurements. In addition, a determination approach for finding the optimal parameters of RSSI is assigned to implement for the simulation parameters. Simulation results show a significant reduction in power consumption and exceptional accuracy, with an average error of 1.91 m in 90% of cases. This method allows the optimization of overall energy consumption, which consumes only 2.69% during the localization of 100 different positions. [ABSTRACT FROM AUTHOR]

Published

2024

4. Disabling Tracing in Black-Box-Traceable CP-ABE System: Alert Decryption Black Box.

Author

Qiao, Huidong, Ren, Jiangchun, Wang, Zhiying, and Hu, Ying

Subjects

*CLOUD storage, *ACCESS control, *CLOUD computing, *ALGORITHMS

Abstract

In application scenarios such as cloud storage, a symmetric algorithm can be used to encrypt massive data. However, using the symmetric operation and keys in encryption and decryption, it is very difficult to realize an efficient access control system. The asymmetric encryption algorithm ciphertext-policy attribute-based encryption (CP-ABE), as a versatile one-to-many encryption algorithm, is considered an ideal access control tool to solve the user's distrust of the service provider of cloud storage. However, in a traditional CP-ABE system, the malicious users may deliberately leak their attribute keys to others or build a decryption black box (DB) to provide illegal decryption services for benefits, while no one can determine their identities. To deal with the problems, especially the problem of tracing the DB builder, CP-ABE schemes with black-box traceability have been proposed in the past few years. But in this paper, we point out that for now, the tracing algorithms in all existing schemes actually work on an impractical assumption. That is, whenever a DB receives a decryption request, it always performs the decryption algorithm honestlycorrectly. We argue that if a DB finds the decryption request comes from the tracing algorithm, it may intentionally output incorrect decryption results to counter the tracing. Thus, we present the structural defect of the tracing algorithm applied to all known traceable CP-ABE schemes. We describe the construction of an alert decryption black box (ADB) that is capable of distinguishing a tracing ciphertext from a normal one. We also show how an ADB frustrates the tracing algorithm, and furthermore, malicious users can even apply an ADB to frame innocent users. [ABSTRACT FROM AUTHOR]

Published

2024

5. Dynamic-Distance-Based Thresholding for UAV-Based Face Verification Algorithms.

Author

Diez-Tomillo, Julio, Alcaraz-Calero, Jose Maria, and Wang, Qi

Subjects

*DRONE aircraft, *ALGORITHMS, *ACCESS control, *PUBLIC safety, *EUCLIDEAN distance

Abstract

Face verification, crucial for identity authentication and access control in our digital society, faces significant challenges when comparing images taken in diverse environments, which vary in terms of distance, angle, and lighting conditions. These disparities often lead to decreased accuracy due to significant resolution changes. This paper introduces an adaptive face verification solution tailored for diverse conditions, particularly focusing on Unmanned Aerial Vehicle (UAV)-based public safety applications. Our approach features an innovative adaptive verification threshold algorithm and an optimised operation pipeline, specifically designed to accommodate varying distances between the UAV and the human subject. The proposed solution is implemented based on a UAV platform and empirically compared with several state-of-the-art solutions. Empirical results have shown that an improvement of 15% in accuracy can be achieved. [ABSTRACT FROM AUTHOR]

Published

2023

6. Body Area Networking: Selected Papers from IEEE PIMRC 2009.

Author

Sayrafian-Pour, Kamran and Yekeh Yazdandoost, Kamya

Subjects

*ARTIFICIAL implants, *MEDICAL equipment, *HOUSEHOLD electronics, *ACCESS control, *ALGORITHMS

Abstract

Body Area Networks (BAN) which consist of RF-enabled wearable and implantable sensory nodes are poised to be a promising interdisciplinary technology with novel uses in pervasive healthcare, personal entertainment and consumer electronics. The papers which appear in this special issue have been carefully selected from the best IEEE PIMRC 2009 conference papers addressing some of the most challenging issues in BAN such as propagation modeling, physical, and medium access control layers. Papers presented here propose models, algorithms and protocols exhibiting advance research in this promising field. [ABSTRACT FROM AUTHOR]

Published

2010

7. Adaptively secure CP-ABE for circuits with fan-in n and fan-out 1.

Author

Sun, Keshuo and Gao, Haiying

Subjects

*CIRCUIT complexity, *COMPUTATIONAL complexity, *CLOUD computing, *PEBBLES, *ACCESS control, *ALGORITHMS, *PUBLIC key cryptography

Abstract

The attribute-based encryption (ABE) scheme is suitable for access control of ciphertext in cloud computing. Kowalczyk and Wee proposed an adaptively secure attribute-based encryption scheme that supports NC 1 circuits. However, the ciphertext length increases rapidly with the depth of the circuit, resulting in an increase of the computational complexity of the encryption and decryption algorithms. In this paper, to overcome this challenge, a ciphertext-policy ABE scheme that supports circuits with fan-in n is proposed. First, we design new pebble rules for secret sharing in circuits with fan-in n, improving the compactness of the security reduction. Then, the new secret sharing scheme is embedded in the encryption algorithm, which is the key to improving efficiency. Moreover, we prove the adaptive security of the scheme by using a piecewise guessing framework and dual-system encryption. Finally, by comparison analysis, this scheme exhibits a better performance. [ABSTRACT FROM AUTHOR]

Published

2023

8. A fusion data security protection scheme for sensitive E-documents in the open network environment.

Author

Liu, Lei, Cao, Mingwei, and Sun, Yeguo

Subjects

*DATA security, *DATA protection, *MULTISENSOR data fusion, *ACCESS control, *DATA warehousing, *ALGORITHMS, *DATA encryption

Abstract

E-documents are carriers of sensitive data, and their security in the open network environment has always been a common problem with the field of data security. Based on the use of encryption schemes to construct secure access control, this paper proposes a fusion data security protection scheme. This scheme realizes the safe storage of data and keys by designing a hybrid symmetric encryption algorithm, a data security deletion algorithm, and a key separation storage method. The scheme also uses file filter driver technology to design a user operation state monitoring method to realize real-time monitoring of user access behavior. In addition, this paper designs and implements a prototype system. Through the verification and analysis of its usability and security, it is proved that the solution can meet the data security protection requirements of sensitive E-documents in the open network environment. [ABSTRACT FROM AUTHOR]

Published

2021

9. A Momentum-Based Local Face Adversarial Example Generation Algorithm.

Author

Lang, Dapeng, Chen, Deyun, Huang, Jinjie, and Li, Sizhao

Subjects

*HUMAN facial recognition software, *ALGORITHMS, *ACCESS control, *FACE

Abstract

Small perturbations can make deep models fail. Since deep models are widely used in face recognition systems (FRS) such as surveillance and access control, adversarial examples may introduce more subtle threats to face recognition systems. In this paper, we propose a practical white-box adversarial attack method. The method can automatically form a local area with key semantics on the face. The shape of the local area generated by the algorithm varies according to the environment and light of the character. Since these regions contain major facial features, we generated patch-like adversarial examples based on this region, which can effectively deceive FRS. The algorithm introduced the momentum parameter to stabilize the optimization directions. We accelerated the generation process by increasing the learning rate in segments. Compared with the traditional adversarial algorithm, our algorithms are very inconspicuous, which is very suitable for application in real scenes. The attack was verified on the CASIA WebFace and LFW datasets which were also proved to have good transferability. [ABSTRACT FROM AUTHOR]

Published

2022

10. Energy-Aware Medium Access Control Protocol and Clustering Algorithm for Clustered Wireless Sensor Networks with High Altitude Platforms as the Base Station.

Author

Hendrawan, Pangestu, Dimas Aji, and Iskandar

Subjects

*WIRELESS sensor networks, *ACCESS control, *COST functions, *ALTITUDES, *ALGORITHMS, *ENERGY consumption

Abstract

This paper presents the work of the Medium Access Control (MAC) protocol for clustered wireless sensor networks (WSN) with High Altitude Platforms (HAPS) as the base station. To reduce energy consumption in WSN, clustering is carried out so that the sensors only send data to their respective cluster heads rather than directly to the HAPS. Unlike base stations which have a relatively fixed position and coverage, HAPS can shift horizontally, vertically, and even inclination movements which will affect the coverage of the nodes that can be covered. Therefore, an adaptive clustering algorithm was developed that can adapt to this issue. The main consideration in designing a MAC that is integrated with clustering algorithms is energy efficiency so that sensor nodes can last as long as possible. To achieve this goal the formation of clusters is based on a cost function based on the remaining energy, distance, and the number of sensor nodes in each cluster. Additionally, MAC in intra-cluster communication adopts the concept of scheduling based on the ratio between the distance and the remaining energy at the sensor node to avoid sensor nodes from idle listening, thereby saving energy. Furthermore, the sensor node behavior is modeled as consisting of four states, namely sleep, contention, back-off, and active Tx/Rx. The performance of the proposed MAC Protocol is evaluated through several simulations based on lifetime and energy consumption. In addition, simulations are carried out to test how far the HAPS can shift in position and keep all sensor nodes connected to the network. The simulation results show that the HAPS displacement tolerance of the proposed MAC protocol is better than the recommendations given by ITU-R F.1891. [ABSTRACT FROM AUTHOR]

Published

2022

11. Verifiable, Secure Mobile Agent Migration in Healthcare Systems Using a Polynomial-Based Threshold Secret Sharing Scheme with a Blowfish Algorithm.

Author

Kumar, Pradeep, Banerjee, Kakoli, Singhal, Niraj, Kumar, Ajay, Rani, Sita, Kumar, Raman, and Lavinia, Cioca Adriana

Subjects

*PUFFERS (Fish), *ALGORITHMS, *MEDICAL care, *APPLICATION software, *ACCESS control, *DATA integrity

Abstract

A mobile agent is a software application that moves naturally among hosts in a uniform and non-uniform environment; it starts with one host and then moves onto the next in order to divide data between clients. The mobile paradigm is utilized in a wide assortment of medical care applications such as the medical information of a patient, the recovery of clinical information, the incorporation of information pertaining to their wellbeing, dynamic help, telemedicine, obtaining clinical data, patient administration, and so on. The accompanying security issues have grown in tandem with the complexity and improvements in mobile agent technologies. As mobile agents work in an insecure environment, their security is a top priority when communicating and exchanging data and information. Data integrity, data confidentiality and authentication, on-repudiation, denial of service, and access control, are all key security concerns with mobile agent migration. This paper proposes a Verifiable, Secure Mobile Agent Migration model, based on two polynomials (t, n), and an edge secret imparting plan with Blowfish encryption, to enable secure information transmission in clinical medical care. [ABSTRACT FROM AUTHOR]

Published

2022

12. CPACK: An Intelligent Cyber-Physical Access Control Kit for Protecting Network †.

Author

Yu, Haisheng, Liu, Zhixian, Zou, Sai, and Wang, Wenyong

Subjects

*ACCESS control, *CYBER physical systems, *SOFTWARE-defined networking, *ALGORITHMS

Abstract

Access Control Lists (ACL) are critical to protecting network and cyber-physical systems. Traditional firewalls mostly use reactive methods to enforce ACLs, so that new ACL updates cannot take effect immediately. In this paper, based on our previous work, we propose CPACK, an intelligent cyber-physical access control kit, which uses a smart algorithm to upgrade the ACL list. CPACK adopts a proactive way to enforce ACL and reacts to a new ACL update and network view update in real time. We implement CPACK on both Floodlight and ONOS controller. We then conduct a large number of experiments to compare CPACK with the Floodlight firewall application. The experimental results show that CPACK has a better performance than the existing Floodlight firewall application. CPACK is also integrated into the new version of Floodlight and ONOS controller. [ABSTRACT FROM AUTHOR]

Published

2022

13. 基于属性基加密的区块链数据共享模型.

Author

张晓东, 陈韬伟, 余益民, 段正泰, and 高　建

Subjects

*BLOCKCHAINS, *INFORMATION sharing, *ALGORITHMS, *DATA structures, *ACCESS control, *DATA security

Abstract

Inspired by the fact that attribute-based encryption technology can effectively realize cloud data security sharing and access control, this paper proposed a block chain data sharing model based on attribute-based encryption to ensure the privacy protection and full security in the current block chain system. The model was based on the ciphertext policy attribute-based encryption ( CP-ABE) scheme proposed by Waters. First of all, in the secret key generation phase, the data user entrusted multiple nodes to jointly calculate and store part of the private key, while other data users were not allowed to obtain the complete key, thus improving the efficiency of private key generation. Secondly, in order to prevent the abuse of key and the management of parameters in the algorithm, this paper defined a key transfer transaction data structure, and realized the accountability of CP-ABE algorithm. Finally, by building a shared chain with the function of collaborative computing and storage on and off the chain, it realized the effective integration of attribute-based encryption and block chain system. Security analysis and experimental simulation results show that the proposed model has certain optimization in the computational efficiency of key generation and actual business scenarios to meet the needs of engineering applications. [ABSTRACT FROM AUTHOR]

Published

2021

14. Multi-keyword ranked search with access control for multiple data owners in the cloud.

Author

Guo, Jiaqi, Tian, Cong, Lu, Xu, Zhao, Liang, and Duan, Zhenhua

Subjects

*DATA security, *CLOUD computing, *ALGORITHMS, *ACCESS control, *K-nearest neighbor classification

Abstract

Secure search is important for promoting the widespread use of cloud computing. As a common situation, when data users search for certain data from multiple data owners, searchable encryption raises the possibility of secure searches over encrypted cloud data. However, most of the existing schemes for the multi-owner model are based on asymmetric searchable encryption, which is inefficient for searching unstructured data. In addition, a Trusted Third-Party (TTP) is often required to assist in encrypting indexes or enforcing access control, which increases the cost and becomes a bottleneck to system security. To overcome these limitations, this paper proposes a secure multi-keyword ranked search scheme with access control for the multi-owner model, named MOMRS-AC. Specifically, we extend the basic secure KNN-based search scheme considering the single-owner model to an efficient multi-keyword ranked search scheme without TTP for the multi-owner model, and provide a signature algorithm to verify the search results. Also, we construct a fine-grained access control that supports recipient anonymity, large-universe and decentralized authorities. To lower the overhead of data users, we extend MOMRS-AC to support outsourcing of verification and decryption. Security and performance analyses demonstrate that MOMRS-AC is secure and efficient for the multi-owner model in practice. [ABSTRACT FROM AUTHOR]

Published

2024

15. 基于区块链和密文属性加密的访问控制方案.

Author

张晓东, 陈韬伟, 余益民, and 王会源

Subjects

*DATA structures, *DATA security, *INFORMATION sharing, *COMPUTATIONAL complexity, *ACCESS control, *BLOCKCHAINS, *ALGORITHMS

Abstract

With the advent of the digital society, data has become an important factors of productivity. In order to fully realize the values of data, access control as a technology of data security sharing is a fundamental component of data security and data governance. Therefore, this paper proposed a cipher-text access control scheme based on blockchain aiming at improving security of cipher-text and secret key in distributed architecture. Firstly, this scheme verified the authenticity and integrity of outsourced cipher-text storage by using cipher-text generation algorithm and verifiable smart contract. Secondly, it designed an attribute key based on off-chain secure multi-party computation (SMC) to ensure the security of the user's secret key and the uniqueness of the secret key, which could reduce computational complexity of the single attribute authority, and could effectively protect the user's attribute privacy and avoided the single point of failure. Finally, through defining the formatted transaction data structure, it realized the whole process accountability of access control on the blockchain. Security analysis, performance analysis and experimental simulation results show that proposed scheme meets the requirements of general blockchain in terms of security and performance, and provides a general block chain access control scheme for data sharing. [ABSTRACT FROM AUTHOR]

Published

2022

16. SFM-MAC: Multichannel MAC Protocol for Underwater Sensor Networks Based on Underwater Passive Localization Mechanisms.

Author

Yang, Qiuling, Dong, Wei, Xu, Zhiyuan, and Huang, Xiangdang

Subjects

*SENSOR networks, *MULTICHANNEL communication, *WIRELESS sensor networks, *WIRELESS localization, *MARKOV processes, *ACCESS control, *ALGORITHMS

Abstract

Yang, Q.; Dong, W.; Xu, Z., and Huang, X., 2020. SFM-MAC: Multichannel MAC protocol for underwater sensor networks based on underwater passive localization mechanisms. Journal of Coastal Research, 36(6), 1332–1342. Coconut Creek (Florida), ISSN 0749-0208. With the continuous development of ocean research in recent years, underwater acoustic sensor networks, as the extension of terrestrial wireless sensor networks (WSNs), play an increasingly important role in ocean and coastal research. To solve the problem of spatial unfairness caused by spatiotemporal uncertainty of underwater acoustic signal propagation in underwater WSNs and improve the throughput of underwater networks, this paper proposes a slotted-floor multichannel medium access control (SFM-MAC) protocol based on a single transceiver. SFM-MAC uses an underwater passive localization algorithm to obtain location information and then transforms spatiotemporal information to avoid the synchronization of the whole network to reduce the spatiotemporal uncertainty of underwater networks; further, it uses request to send (RT)/channel announcement/channel listening/clear to send (CTS) handshaking mechanism to avoid multichannel hidden terminal problems and achieve fair access. In addition, the paper uses the Markov chain to construct the reservation model of control channels, and theoretically analyzes and calculates the theoretical throughput of the multichannel MAC protocol under the condition of reserved collision. Simulation experiments show that the network fairness index of SFM-MAC is 15% higher than that of traditional RTS/ CTS protocols. The effective network throughput of SFM-MAC in different business scenarios is 60–70% and 12–15% higher than the single-channel underwater MAC protocol SF acquisition multiple access and the multichannel underwater MAC protocol, respectively. [ABSTRACT FROM AUTHOR]

Published

2020

17. 支持撤销的外包加解密 CP-ABE 方案.

Author

欧毓毅, 汪倩倩, and 顾国生

Subjects

*PROXY servers, *ACCESS control, *ALGORITHMS, *REVOCATION, *MULTI-factor authentication, *CLOUD storage

Abstract

ABE scheme has been more and more widely used in cloud storage,it can achieve fine-granularity access control. However, most of the existing ABE schemes have the problems of low efficiency and high overhead. In order to solve this problem, this paper proposed a more efficient and fine-grained attribute-based encryption scheme supporting attribute revocation. The transfers the complex computation of the encryption and decryption process to the proxy server, thus reducing the encryption and decryption computation of users. This paper also proposed an efficient attribute revocation method which concentrated on the update of the ciphertexts and users' secret keys associated with the corresponding revoked attributes, so the cost of attribute revocation is very small . And combined the method of two-factor identity authentication to improve the security of the algorithm. The theoretical analysis show that this scheme is safe under the standard model based on the DBDH hypothesis. [ABSTRACT FROM AUTHOR]

Published

2020

18. 基于格的多授权密文属性加密方案.

Author

唐 慧 and 汪学明

Subjects

*LATTICE theory, *PARALLEL algorithms, *LEARNING problems, *ALGORITHMS, *SHARING, *ACCESS control

Abstract

Based on a comprehensive analysis of existing encryption schemes based on ciphertext strategy attributes, the existing ciphertext strategy attribute encryption schemes are bottlenecked by a single authorization center, and an attribute encryption scheme based on the difficult assumption of traditional BDH (bilinear Diffie-Hellman) that cannot resist quantum attacks. This paper combined with the lattice theory to construct a new multi-authorization center ciphertext attribute-based encryption scheme. The scheme could achieve decentralized management of user attributes by the multi-attribute authorization center. The scheme used the sampling algorithm on the grid to generate keys for users, adopted linear encoded sharing technology to achieve the attribute access control strategy, supported "and, or and threshold" operations. The form could support parallel algorithms on the grid, which made algorithm more efficient. Security proves the intractability of learning problems with inherent errors from the protocol to the decision, which better meets than satisfies the requirements for cloud environment. [ABSTRACT FROM AUTHOR]

Published

2022

19. 基于以太坊平台的医疗数据安全共享方案.

Author

蔡楚君 and 柳 毅

Subjects

*ACCESS control, *DATA management, *COMPUTER hacking, *PROBLEM solving, *ALGORITHMS, *BLOCKCHAINS

Abstract

In order to solve the problems of centralised medical data management systems being vulnerable to hacking, poor data interoperability and patients having no control over their data, this paper proposed a secure sharing scheme for medical data based on the Ethereum. It used blockchain combined with the ElGamal algorithm and reversible hash function to achieve a secure patient-centric sharing mechanism, and used smart contracts as well as control modules to achieve access control for data users. Compared with the comparison scheme, the simulation experiment shows that the proposed scheme has lower computing overhead while meeting the five security features of confidentiality,integrity,identity verification,non-repudiation,and access control. [ABSTRACT FROM AUTHOR]

Published

2022

20. An efficient attribute-based encryption scheme based on SM9 encryption algorithm for dispatching and control cloud.

Author

Ji, Honghan, Zhang, Hongjie, Shao, Lisong, He, Debiao, and Luo, Min

Subjects

*ALGORITHMS, *ACCESS control, *ELECTRIC power distribution grids, *CLOUD computing, *CLOUD storage

Abstract

Dispatching and Control Cloud (DCC) is a cloud platform constructed by State Grid Corporation with the technology of cloud computing. DCC has improved the overall operation and monitoring capabilities, the smart level and many other advantages of power grid. However, the development of DCC has been hampered by security and privacy issues. Secure unified identity authentication, access control and authorisation management are significant topics in DCC. To find out a solution for the topics above, we have employed some encryption schemes using the attribute-based encryption(ABE), as ABE can preserve users' privacy and achieve access control with fine grain over the encrypted information. SM9 is a kind of Chinese official standard in the field of cryptography, which contains the SM9 encryption algorithm (SM9-IBE). In this paper, an ABE scheme based on SM9-IBE is proposed, making SM9 support fine-grained access control which would be better applied in DCC. Our proposed scheme (SM9-ABE) has been proven to be of great security in the selective CPA model under DBDH assumption. Furthermore, we implement SM9-ABE and evaluate its practical performance. The implementation indicates our scheme performs well in the matter of security and functionality, at an additional time cost which is acceptable. [ABSTRACT FROM AUTHOR]

Published

2021

21. Learning nodes: machine learning-based energy and data management strategy.

Author

Kim, Yunmin and Lee, Tae-Jin

Subjects

*MACHINE learning, *ENERGY management, *DATA management, *ALGORITHMS, *ACCESS control, *WIRELESS communications

Abstract

The efficient use of resources in wireless communications has always been a major issue. In the Internet of Things (IoT), the energy resource becomes more critical. The transmission policy with the aid of a coordinator is not a viable solution in an IoT network, since a node should report its state to the coordinator for scheduling and it causes serious signaling overhead. Machine learning algorithms can provide the optimal distributed transmission mechanism with little overhead. A node can learn by itself by utilizing the machine learning algorithm and make the optimal transmission decision on its own. In this paper, we propose a novel learning Medium Access Control (MAC) protocol with learning nodes. Nodes learn the optimal transmission policy, i.e., minimizing the data and energy queue levels, using the Q-learning algorithm. The performance evaluation shows that the proposed scheme enhances the queue states and throughput. [ABSTRACT FROM AUTHOR]

Published

2021

22. A two‐level clustering mechanism for energy enhancement in Internet‐of‐Things‐based wireless sensor networks.

Author

Bany Salameh, Haythem, Obaidat, Heba, Al‐Shamali, Ahmad, and Jararweh, Yaser

Subjects

*WIRELESS sensor networks, *ALGORITHMS, *DATA packeting, *ENERGY consumption, *ACCESS control, *INTERNET of things

Abstract

Summary: Wireless sensors are considered the key elements in enabling efficient Internet of Things (IoT) networking and services. One of the key objectives in designing a WSN is increasing network lifetime by reducing the overall network energy consumption. To achieve this, several techniques have been proposed to extend the network lifetime, such as clustering. Clustering divides the network into several clusters, each with its own member nodes and a cluster‐head (CH) node. In this paper, a novel clustering mechanism is developed with the objective of extending network lifetime through load balancing in wireless sensor networks (WSNs). This is achieved by electing a new node to a provides specific tasks in the WSN to decrease energy consumption and enhance network lifetime. This node is called a relay node that is responsible of delivering the received data packets from the CHs, and then forwards them to the central node (sink). Unlike previous clustering schemes, the proposed algorithm consists of three main processes: CH selection, relay node selection, and medium access control processes. These processes depend on energy level and user's distributions. The performance of the proposed algorithm is investigated through simulation experiments in terms of network lifetime under various network parameters. The results reveal that the proposed mechanism significantly enhances network lifetime compared to previously proposed algorithms. [ABSTRACT FROM AUTHOR]

Published

2021

23. Scheduling Design and Performance Analysis of Carrier Aggregation in Satellite Communication Systems.

Author

Al-Hraishawi, Hayder, Maturo, Nicola, Lagunas, Eva, and Chatzinotas, Symeon

Subjects

*TELECOMMUNICATION satellites, *DATA packeting, *SCHEDULING, *ACCESS control, *QUALITY of service, *ALGORITHMS

Abstract

Carrier Aggregation is one of the vital approaches to achieve several orders of magnitude increase in peak data rates. While carrier aggregation benefits have been extensively studied in cellular networks, its application to satellite systems has not been thoroughly explored yet. Carrier aggregation can offer an enhanced and more consistent quality of service for users throughout the satellite coverage via combining multiple carriers, utilizing the unused capacity at other carriers, and enabling effective interference management. Furthermore, carrier aggregation can be a prominent solution to address the issue of the spatially heterogeneous satellite traffic demand. This paper investigates introducing carrier aggregation to satellite systems from a link layer perspective. Deployment of carrier aggregation in satellite systems with the combination of multiple carriers that have different characteristics requires effective scheduling schemes for reliable communications. To this end, a novel load balancing scheduling algorithm has been proposed to distribute data packets across the aggregated carriers based on channel capacities and to utilize spectrum efficiently. Moreover, in order to ensure that the received data packets are delivered without perturbing the original transmission order, a perceptive scheduling algorithm has been developed that takes into consideration channel properties along with the instantaneous available resources at the aggregated carriers. The proposed modifications have been carefully designed to make carrier aggregation transparent above the medium access control (MAC) layer. Additionally, the complexity analysis of the proposed algorithms has been conducted in terms of the computational loads. Simulation results are provided to validate our analysis, demonstrate the design tradeoffs, and to highlight the potentials of carrier aggregation applied to satellite communication systems. [ABSTRACT FROM AUTHOR]

Published

2021

24. Fusion facial semantic feature and incremental learning mechanism for efficient face recognition.

Author

Zhong, Rui, Wu, Huaiyu, Chen, Zhihuan, and Zhong, Qi

Subjects

*MACHINE learning, *HUMAN facial recognition software, *EYEBROWS, *ACCESS control, *ALGORITHMS, *HUMAN-computer interaction

Abstract

Efficient face recognition can realize fast and accurate face recognition and make it widely used in essential fields such as human–computer interaction and access control. At present, there are many face recognition methods whose recognition rate can reach high accuracy, but the training of the model and the recognition of samples take much time, which leads to insufficient real-time performance. This paper designs a fusion facial semantic feature (FFSF) and an incremental learning mechanism (ILM) for efficient face recognition. FFSF feature is a fusion of facial contour features and facial semantic component features, which can extract contour features and interior features of facial organs (eyes, mouth, nose, and eyebrow) according to facial organs' position. FFSF features can ensure that the extracted features are concentrated in the face's most discriminative region, making the extracted features have good discriminative characteristics. Then, we use a clustering algorithm to construct a hierarchical incremental learning tree (HIL-Tree) with a hierarchical structure and use the HIL-Tree to implement the ILM. ILM achieves fast and accurate sample classification by retrieving the nodes in HIL-Tree, and the training samples can be directly added to the HIL-Tree by retrieval instead of rebuilding the HIL-Tree during the training process. Extensive experiments on several public data sets demonstrate the proposed efficient face recognition method's excellent accuracy and efficiency. [ABSTRACT FROM AUTHOR]

Published

2021

25. Ciphertext retrieval via attribute-based FHE in cloud computing.

Author

Ding, Yong, Han, Bo, Wang, Huiyong, and Li, Xiumin

Subjects

*CLOUD computing, *DATA encryption, *DATA security, *ACCESS control, *ALGORITHMS

Abstract

In order to ensure the security of users’ information effectively, this paper investigates ciphertext-based attribute encryption. Homomorphic encryption can settle the problems of data privacy in cloud environments, in the way that can be operated directly to achieve the same result as for plaintext operations. In this paper, on the premise of attribute encryption, we propose an attribute-based fully homomorphism encryption scheme with LSSS matrix and a ciphertext-based retrieval scheme on this basis. Firstly, the retrieval scheme supports fine-grained cum flexible access control along with “Query-Response” mechanism to enable users to efficiently retrieve desired data from cloud servers. Secondly, the scheme supports considerable flexibility to revoke system privileges from users without updating the key client, which reduces the burden of the client greatly. Security analysis shows that the scheme can resist collusion attack. A comparison of the performance with existing CP-ABE schemes indicates that our scheme reduces the computation cost greatly for users and guarantees only the owners of the evaluation keys can perform ciphertext retrieval, which is also one of the main advantages of the proposed scheme. [ABSTRACT FROM AUTHOR]

Published

2018

26. SEAPP: A secure application management framework based on REST API access control in SDN-enabled cloud environment.

Author

Hu, Tao, Zhang, Zhen, Yi, Peng, Liang, Dong, Li, Ziyong, Ren, Quan, Hu, Yuxiang, and Lan, Julong

Subjects

*ACCESS control, *APPLICATION program interfaces, *SOFTWARE-defined networking, *ALGORITHMS, *RECORDING & registration, *CLOUD computing

Abstract

Cloud computing provides scalable network services and makes network management more flexible by combining Software-Defined Networking (SDN). Through the northbound interface (e.g., REST API) offered by the SDN controller, users can easily deploy diversified applications to access the network resources. However, exploiting the openness of the northbound interface, malicious applications abuse APIs to launch hostile attacks, which poses serious threats to the network. In this paper, we propose SEAPP, a secure application management framework based on REST API access control. Our main idea is to granularly manage application permissions and encrypt REST API calls to defend against malicious attacks. SEAPP includes two components: 1) permissions detection engine identifies the facticity of application permissions by analyzing permission manifests and byte codes and further identifies the legality of permissions with constructed sensitive API list; 2) registration authorization engine executes encrypted registration between applications and controller by virtue of NTRU algorithm and authorizes applications to call the requested REST APIs based on their risk levels after securely authenticating them. Besides, SEAPP is a lightweight logic architecture between application plane and control plane and supports quick deployment and reconfiguration in runtime. Both theoretical analysis and evaluation results show the security and effectiveness of SEAPP. Besides, SEAPP introduces negligible CPU and memory overheads. • The fidelity and legality of application permissions are identified. • Application registration information is encrypted by NTRU. • A dynamic REST APIs authorization is developed. [ABSTRACT FROM AUTHOR]

Published

2021

27. Achieving efficient and Privacy-preserving energy trading based on blockchain and ABE in smart grid.

Author

Guan, Zhitao, Lu, Xin, Yang, Wenti, Wu, Longfei, Wang, Naiyu, and Zhang, Zijian

Subjects

*SMART cities, *WIRELESS sensor network security, *BLOCKCHAINS, *ALGORITHMS, *INTERNET of things, *ACCESS control

Abstract

With the advent of the Industry 4.0 era, the development of smart cities based on the Internet of Things (IoT) has reached a new level. As a key component of the Internet of Things (IoT), the security of wireless sensor networks (WSN) has received widespread attention. Among them, Energy Internet, as an important part to support the construction of smart cities, its security and reliability research is becoming more and more important. In the Energy Internet, distributed energy transaction model is a promising approach to replace the traditional centralized transaction model and has become the leading direction of development in energy trading. As the underlying support, blockchain technology is attracting more and more attention due to its advantages, i.e., integrity and non-repudiation. However, most blockchain-based trading models face the problem of privacy disclosure. In this paper, to solve this problem, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is introduced as the core algorithm to reconstruct the transaction model. Specifically, we build a general model for distributed transactions called PP-BCETS (Privacy-preserving Blockchain Energy Trading Scheme). It can achieve fine-grained access control through transaction arbitration in the ciphertext form. This design can maximize the protection of privacy information, and considerably improve the security and reliability of the transaction model. Additionally, a credibility-based equity proof consensus mechanism is proposed in PP-BCETS, which can greatly increase the operation efficiency. The security analysis and experimental evaluations are conducted to prove the validity and practicability of our proposed scheme. • Secure and privacy-preserving energy trading scheme is proposed. • ABE- and blockchain-based energy trading. • credibility-based equity proof consensus mechanism. [ABSTRACT FROM AUTHOR]

Published

2021

28. An ECC-based access control scheme with lightweight decryption and conditional authentication for data sharing in vehicular networks.

Author

Qin, Xuanmei, Huang, Yongfeng, and Li, Xing

Subjects

*ACCESS control, *ELLIPTIC curves, *ALGORITHMS, *ELLIPTIC curve cryptography, *DATA security, *KEY agreement protocols (Computer network protocols)

Abstract

Nowadays, more and more data are stored on cloud for sharing in vehicular networks, but the increasing number of cloud data security incidents makes how to guarantee confidentiality of sharing data one of the main concerns. Attribute-based encryption is considered as a suitable method to solve this issue. However, the requirements of lightweight and privacy make it difficult to apply the existing attribute-based encryption schemes directly in vehicular networks. In this paper, we put forward an access control scheme with lightweight decryption and conditional authentication for secure data sharing in vehicular networks. In this scheme, we extend elliptic-curve cryptography-based key-policy attribute-based encryption scheme with token-based decryption for lightweight access control. Moreover, we integrate Elliptic Curve Qu-Vanstone implicit certificate with ELGamal encryption algorithm to achieve both mutual authentication and conditional privacy protection. The performance analysis shows that the proposed scheme requires less time for both encryption and decryption on the user side. The security analysis shows that the proposed scheme can provide conditional anonymity. [ABSTRACT FROM AUTHOR]

Published

2020

29. An efficient algorithm to detect DDoS amplification attacks.

Author

Quadir, Md Abdul, Christy Jackson, J., Prassanna, J., Sathyarajasekaran, K., Kumar, K., Sabireen, H., Ubarhande, Shivam, Vijaya Kumar, V., Varadarajan, Vijayakumar, Kommers, Piet, Piuri, Vincenzo, and Subramaniyaswamy, V.

Subjects

*ALGORITHMS, *DENIAL of service attacks, *COMPUTER network protocols, *INTERNET domain naming system, *INTERNET protocol address, *ACCESS control

Abstract

Domain name system (DNS) plays a critical part in the functioning of the Internet. But since DNS queries are sent using UDP, it is vulnerable to Distributed Denial of Service (DDoS) attacks. The attacker can take advantage of this and spoof the source IP address and direct the response towards the victim network. And since the network does not keep track of the number of requests going out and responses coming in, the attacker can flood the network with these unwanted DNS responses. Along with DNS, other protocols are also exploited to perform DDoS. Usage of Network Time Protocol (NTP) is to synchronize clocks on systems. Its monlist command replies with 600 entries of previous traffic records. This response is enormous compared to the request. This functionality is used by the attacker in DDoS. Since these attacks can cause colossal congestion, it is crucial to prevent or mitigate these types of attacks. It is obligatory to discover a way to drop the spoofed packets while entering the network to mitigate this type of attack. Intelligent cybersecurity systems are designed for the detection of these attacks. An Intelligent system has AI and ML algorithms to achieve its function. This paper discusses such intelligent method to detect the attack server from legitimate traffic. This method uses an algorithm that gets activated by excess traffic in the network. The excess traffic is determined by the speed or rate of the requests and responses and their ratio. The algorithm extracts the IP addresses of servers and detects which server is sending more packets than requested or which are not requested. This server can be later blocked using a firewall or Access Control List (ACL). [ABSTRACT FROM AUTHOR]

Published

2020

30. Secure auditing and deduplication for encrypted cloud data supporting ownership modification.

Author

Bai, Jianli, Yu, Jia, and Gao, Xiang

Subjects

*DATA integrity, *CLOUD storage, *AUDITING, *ALGORITHMS, *ACCESS control, *MODIFICATIONS, *DATA

Abstract

Storing only one unique copy of the same cloud data and guaranteeing its integrity are two main goals for cloud storage auditing and deduplication schemes. In such schemes, data owners can firmly believe the data integrity by periodically auditing and the cloud server can save lots of storage space by exploiting the duplication techniques. However, when a data owner deletes or modifies his outsourced data, he should lose the ownership for the original data and should not be able to successfully retrieve this data any more. For all we know, existing cloud storage auditing and deduplication literatures fail to support the modifications of ownership, which actually occur quite often in actual cloud storage scenarios. In this paper, we propose the first deduplicated data integrity auditing scheme supporting the ownership modification. It guarantees the integrity of the outsourced data and supports the dynamic access control over the outsourced data. We employ a re-encryption algorithm and the secure identity-based broadcast encryption technology, which prevent data from being disclosed to the revoked owners, even if they previously had prior ownership of these data. The security and efficiency of our proposed scheme have been validated by detailed analysis and experiments. [ABSTRACT FROM AUTHOR]

Published

2020

31. Pseudorandom sequence contention algorithm for IEEE 802.11ah based internet of things network.

Author

Raouf, Mohammed A., Hashim, Fazirulhisyam, Liew, Jiun Terng, and Alezabi, Kamal Ali

Subjects

*ALGORITHMS, *INTERNET of things, *MARKOV processes, *ACCESS control, *CARRIER sense multiple access, *INTEGERS

Abstract

The IEEE 802.11ah standard relies on the conventional distributed coordination function (DCF) as a backoff selection method. The DCF is utilized in the contention-based period of the newly introduced medium access control (MAC) mechanism, namely restricted access window (RAW). Despite various advantages of RAW, DCF still utilizes the legacy binary exponential backoff (BEB) algorithm, which suffers from a crucial disadvantage of being prone to high probability of collisions with high number of contending stations. To mitigate this issue, this paper investigates the possibility of replacing the existing exponential sequence (i.e., as in BEB) with a better pseudorandom sequence of integers. In particular, a new backoff algorithm, namely Pseudorandom Sequence Contention Algorithm (PRSCA) is proposed to update the CW size and minimize the collision probability. In addition, the proposed PRSCA incorporates a different approach of CW freezing mechanism and backoff stage reset process. An analytical model is derived for the proposed PRSCA and presented through a discrete 2-D Markov chain model. Performance evaluation demonstrates the efficiency of the proposed PRSCA in reducing collision probability and improving saturation throughput, network throughput, and access delay performance. [ABSTRACT FROM AUTHOR]

Published

2020

32. Time-variant attribute-based multitype encryption algorithm for improved cloud data security using user profile.

Author

Kumaresan, S. and Shanmugam, Vijayaragavan

Subjects

*DATA security, *ALGORITHMS, *ACCESS control, *ENCRYPTION protocols, *SECURITY management, *CLOUD computing, *REINFORCEMENT learning

Abstract

Cloud computing becomes more sophisticated to provide different services at different levels of user access. Even though various services are accessed at a different level, the security of data being accessed is a highly challenging one. However, there is a number of encryption approaches discussed toward the problem of cloud security; they suffer to achieve higher security as required. The previous ABFD (attribute-based flexible delegation) algorithm uses a set of policies in encrypting the data with specific keys mentioned in the policy. However, the leakage of encryption policy would introduce poor security which can be overcome by adopting multitype encryption standards in different time windows. According to this, an efficient time-variant attribute-based multitype encryption algorithm (TAM) is presented in this paper. The TAM algorithm maintains a taxonomy of attributes and related keys to be used for encryption and decryption. The corresponding keys have been used to generate the ciphertext. The content of taxonomy has been dynamically changing in each time window which makes the difference in integrity management and security performance than previous algorithms. The TAM approach introduces a higher security performance up to 89.6%. The method also reduces the time complexity up to 21 s and increases the throughput performance up to 96%. [ABSTRACT FROM AUTHOR]

Published

2020

33. 一种轻量级的雾计算属性基外包加密算法.

Author

曾萍, 钱进, 穆成新, 高原, and 胡荣磊

Subjects

*RANDOM numbers, *ACCESS control, *DATABASES, *EVIDENCE, *ALGORITHMS, *SECURITY management

Abstract

In order to reduce the resources occupied by the attribute-based encryption algorithm, this paper introduced an improved attribute-based outsourced encryption algorithm based on secure data access control attribute-based encryption. It outsourced the complex bilinear pairings in the encryption computing to the fog node to reduce the user's computation overhead. By simplifying the system parameters, it reduced the random number generated by attribute authority for every attribute to shorten the length of ciphertext and the key, as well as the storage cost of the system. And it gave the security proof of the scheme. [ABSTRACT FROM AUTHOR]

Published

2020

34. A Modified IEEE 802.11 MAC for Optimizing Broadcasting in Wireless Audio Networks.

Author

Chousidis, Christos, Pisca, Ioana, and Huang, Zhengwen

Subjects

*BROADCASTING industry, *SOUND systems, *IEEE 802.11 (Standard), *ALGORITHMS, *ACCESS control, *WIRELESS LANs

Abstract

The use of network infrastructures to replace conventional professional audio systems is a rapidly increasing field which is expected to play an important role within the professional audio industry. Currently, the market is dominated by numerous proprietary protocols which do not allow interoperability and do not promote the evolution of this sector. Recent standardization actions are intending to resolve this issue excluding, however, the use of wireless networks. Existing wireless networking technologies are considered unsuitable for supporting real-time audio networks, not because of lack of bandwidth but due to their inefficient congestion control mechanisms in broadcasting. In this paper, we propose an amendment of the IEEE 802.11 MAC that improves the performance of the standard for real-time audio data delivery. The proposed amendment is offering a solution for the balancing of data flow density in wireless ad-hoc networks for a multi-broadcasting environment. It is based on two innovative ideas. First, it provides a protection mechanism for broadcasting and second, it replaces the classic congestion control mechanism, based in random backoff, with an alternative traffic adaptive algorithm, designed to minimize collisions. The proposed MAC is able to operate as an alternative mode allowing regular Wi-Fi networks to coexist and interoperate efficiently with audio networks, with the last ones being able to be deployed over existing wireless network infrastructures. [ABSTRACT FROM AUTHOR]

Published

2020

35. LOADS: Load Optimization and Anomaly Detection Scheme for Software-Defined Networks.

Author

Chaudhary, Rajat and Kumar, Neeraj

Subjects

*ANOMALY detection (Computer security), *SOFTWARE-defined networking, *IP networks, *ACCESS control, *ALGORITHMS

Abstract

The decoupling of control functionality from the forwarding devices to the control plane in Software-Defined Networks (SDN) provides a unique platform to design a programmable and reconfigurable network. A single controller due to its limited capacity and resources may not handle heavy load traffic generated from various smart devices. In order to handle this, multiple controllers need to be deployed at the control plane so as to ensure improved efficiency and scalability of the network. The data flow by the distributed controllers fluctuates frequently which results in an uneven load distribution amongst different controllers. So, to handle the aforementioned issues, in this paper, a Load Optimization and Anomaly Detection Scheme (LOADS) is proposed. Using LOADS, the probability of switch selection is determined using the following two factors (i) distance from the switch to the controller, and (ii) resource consumption ratio of the switch to its controller. Also, an IP flow-based network anomaly detection module has been designed to classify the traffic as malicious or normal. In order to address the network anomaly, the LOADS scheme uses Access Control Policies (ACPs) on the user's behavior in the network. The proposed scheme is evaluated on Mininet emulator using POX controller with datasets of Internet Topology Zoo from BTNorthAmerica zone. The performance analysis reveals that LOADS minimizes the average execution time by 6.74% and 20.64% as compared to the existing competitive schemes, Distributed Hopping Algorithm (DHA) and Elastic Distributed Controller (ElastiCon). Also, it helps in improving the overall migration cost and response time of each controller. The proposed LOADS scheme has the migration cost of 55.1 milliseconds as compared to the ElastiCon and DHA schemes alongwith the migration cost of 110 milliseconds and 140 milliseconds respectively. In addition to the migration cost, the response time of the proposed scheme is 32.8 milliseconds as compared to DHA and ElastiCon which takes almost 90 milliseconds and 78 milliseconds respectively. [ABSTRACT FROM AUTHOR]

Published

2019

36. Improved MAC layer protocol of Wifi for satellite network.

Author

Liu, Sili, Chen, Jianyun, Ma, Chao, and Zhu, Lingxiao

Subjects

*ARTIFICIAL satellites, *MICROSPACECRAFT, *TIME management, *ACCESS control, *COMPUTER network protocols

Abstract

With the development and universal application of satellite technology, an important way to expand the function of satellites is setting up inter-satellite networks to make them work together. Traditional satellite networking methods generally adopt a fixed time slot allocation method, which is not suitable for small satellite groups with low latency and high throughput requirements. In order to solve this problem, it has been proposed to apply the traditional Wifi protocol in satellite networking. As there are differences between satellite networks and terrestrial networks, it’s necessary to improve the traditional 802.11 protocol. The Media Access Control (MAC) protocol in 802.11 is improved in this paper, which mainly includes the adaptive algorithm of maximum contention window size and the growth algorithm of Contention Window (CW) size. The maximum contention window is adjusted according to the conflict state of the current network, which makes the network accommodate more satellite nodes. The CW growth algorithm improves the traditional Binary Exponential Back-off (BEB) algorithm, where the CW is designed according to the priority of the data frame or the network load. In this way, high-priority satellite accusation information will have higher reliability or tolerate greater network load. [ABSTRACT FROM AUTHOR]

Published

2019

37. A fully homomorphic–elliptic curve cryptography based encryption algorithm for ensuring the privacy preservation of the cloud data.

Author

Prabu Kanna, G. and Vasudevan, V.

Subjects

*PRIVACY, *ACCESS control, *COMPUTATIONAL complexity, *CRYPTOGRAPHY, *ALGORITHMS, *CURVES, *QUANTUM cryptography

Abstract

Enabling a security and privacy preservation for the cloud data is one of the demanding and crucial tasks in recent days. Because, the privacy of the sensitive data should be safeguard from the unauthorized access for improving its security. So, various key generation, encryption and decryption mechanisms are developed in the traditional works for privacy preservation in cloud. Still, it remains with the issues such as increased computational complexity, time consumption, and reduced security. Also, the traditional works use the symmetric key cryptography based. Thus, this paper aims to develop a new privacy preservation mechanism by implementing a fully homomorphic–elliptic curve cryptography (FH-ECC) algorithm. The data owner encrypts the original data by converting it into the cipher format with the use of ECC algorithm, and applies the FH operations on the encrypted data before storing it on the cloud. When the user gives the data request to the cloud, the Cloud Service Provider verifies the access control policy of the user for enabling the restricted access on the data. If the access policy is verified, the encrypted data is provided to the user, from that the cipher text is extracted. Then, the ECC decryption and FH operations are applied to generate the original text. Based on the several analysis, the research work is evaluated with the help of different performance measures such as execution time, encryption time, and decryption time. In addition the effectiveness of the novel FHE technique is justified by the comparative analysis made with the traditional techniques. [ABSTRACT FROM AUTHOR]

Published

2019

38. Secure access control in multidomain environments and formal analysis of model specifications.

Author

NAZERIAN, Fatemeh, MOTAMENI, Homayun, and NEMATZADEH, Hossein

Subjects

*ACCESS control, *DATA analysis, *ALLOY analysis, *ALGORITHMS, *DATA mining

Abstract

Distributed multiple organizations interact with each other. If the domains employ role-based access control, one method for interaction between domains is role-mapping. However, it may violate constraints in the domains such as role hierarchy, separation of duty, and cardinality. Therefore, autonomy of the domains is lost. This paper proposes secure interoperation in multidomain environments. For this purpose, a cross-domain is created by foreign permission assignment. In an effort to maintain the autonomy of every domain, several rules are defined formally. Then, a decentralized scheme is used to provide permission mapping between domains. At the next stage, the proposed crossdomain is specified using Alloy, the first logic language. Subsequently, validity of the rules is analyzed through Alloy analyzer. [ABSTRACT FROM AUTHOR]

Published

2018

39. Application of a secure data transmission with an effective timing algorithm based on LoRa modulation and chaos.

Author

Erkan, Emre, Oğraş, Hidayet, and Fidan, Şehmus

Subjects

*DATA transmission systems, *TELECOMMUNICATION systems, *ALGORITHMS, *REMOTE control, *ACCESS control, *MOBILE communication systems, *SECURITY systems

Abstract

• A real-time application for secure data transmission using a different approach. • The receiver system requires a confirmation signal to perform necessary action. • Utilizing chaos dynamics for generating secret codes used in the algorithm. • The transmitted data can be a simple bit or any multimedia data of major systems. In today's technology, remote control or access is widely used in many platforms. However, the fact that remotely controlled platforms are open to external attacks or not secure enough which can have serious negative consequences. In this paper, a real-time LoRa modulation based data transmission application is achieved. The security of remotely transmitted data is not only provided with a basic encryption structure, but also a confirmation signal based transceiver system is designed in which the required process is performed only with a certain time interval. Firstly, the data to be transmitted is mixed with a secret key using XOR operation then transmitter creates a random period of time that specifies how long after the confirmation signal will be sent relative to the data signal. Hence, the entire system security is enhanced by the timing algorithm running with millisecond precision between the transceiver circuits. Encryption of the confirmation signal in a similar structure as the data signal improves security of the entire system. In this application, a PWM signal containing voltage information has been successfully transmitted in ciphered form using LoRa modulation. The designed algorithm for the receiver and transmitter circuits has been tested and verified in real time application. Experimental results show that the proposed scheme can be applied to any application-based communication system. [ABSTRACT FROM AUTHOR]

Published

2023

40. 2D2PS: A demand-driven privacy-preserving scheme for anonymous data sharing in smart grids.

Author

Chang, Yuan, Li, Jiliang, and Li, Wenjuan

Subjects

*PRIVACY, *INFORMATION sharing, *DATA encryption, *ALGORITHMS

Abstract

In smart grid services, electricity consumption data sharing may lead to privacy breaches and the potential for misuse of personal data. Existing data aggregation approaches mainly rely on homomorphic encryption techniques to achieve privacy protection in data sharing, however, lack consideration of controlled anonymity and fine-grained access control. This paper proposes a demand-driven privacy-preserving scheme for anonymous data sharing in smart grids to solve these problems. Specifically, an authenticable pseudonym assignment method is first proposed to achieve controlled anonymity. In addition, a proxy re-encryption technique and a data separation algorithm are implemented to achieve fine-grained access control. Finally, we strictly prove that our scheme achieves privacy protection and authentication, and demonstrate its feasibility and effectiveness through simulations. [ABSTRACT FROM AUTHOR]

Published

2023

41. Optimal bidding strategy for generation companies under CVaR constraint.

Author

Luo, Xiao, Chung, Chi‐yung, Yang, Hongming, and Tong, Xiaojiao

Subjects

*ELECTRICITY, *SOCIAL services, *ALGORITHMS, *SECURITY systems, *ACCESS control

Abstract

SUMMARY This paper investigates bidding strategy problems of generation companies in electricity markets. A new bidding model is set up, and a solution approach is presented. Compared with existing models, the model proposed in this paper has some different characteristics. First, the model adopts a bilevel optimization framework where the upper-level optimization is to maximize the profit of generation companies, and the aim of the lower-level optimization is the maximal social welfare and the security of the operation system considered by the Independent System Operator. This model combines practical situations faced by market agents in real-life operations and the requirement of both the system security and the social welfare. Second, the popular risk measure, called conditional value at risk, is used in the bidding model, which can quantify the market risk and describe the competitive mechanism effectively. For solving the complicated bilevel optimization model, a hybrid particle swarm optimization algorithm is presented. Numerical examples are used to validate the model and the algorithm. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2014

42. Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network.

Author

Alagarsamy, Sumithra and Rajagopalan, S. P.

Subjects

*PUBLIC key infrastructure (Computer security), *CIPHERS, *MOBILE communication systems, *INTERNET of things, *ACCESS control

Abstract

Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network. [ABSTRACT FROM AUTHOR]

Published

2017

43. Channel Status based Sliding Contention Window (CS-SCW) algorithm: A Fuzzy Control Approach for Medium Access in Wireless Networks.

Author

Nithya, B., Mala, C., and Sivasankar, E.

Subjects

*FUZZY logic, *ALGORITHMS, *WIRELESS LANs, *ACCESS control, *COMPUTER network protocols

Abstract

The dynamic nature of IEEE802.11 Wireless LAN network poses several challenges in developing a contention resolution scheme. A contention control algorithm guarantees maximum channel throughput by reducing collisions and improves the fairness among competing nodes. Based on the local history and neighbouring station' status, a new algorithm namely Channel Status based Sliding Contention Window (CS-SCW) algorithm is proposed in this paper to adopt the optimum contention window interval. In the proposed algorithm, a fuzzy controller is used to infer about the current channel condition and to regulate the random access in network. Simulation results confirm the enhanced performance of the proposed CS-SCW algorithm in terms of success rate, packet loss, fairness index and energy consumption. [ABSTRACT FROM AUTHOR]

Published

2017

44. A formal modeling and analysis approach for access control rules, policies, and their combinations.

Author

Karimi, Vahid, Alencar, Paulo, and Cowan, Donald

Subjects

*ACCESS control, *ALGORITHMS, *DATABASE management, *MODELS & modelmaking, *SECURITY systems

Abstract

Approaches to access control (AC) policy languages, such as eXtensible access control markup language, do not provide a formal representation for specifying rule- and policy-combining algorithms or for verifying properties of AC policies. Some authors propose formal representations for these combining algorithms. However, the proposed models are not expressive enough to represent formally history-based classes of these algorithms, such as ordered-permit-overrides. In addition, some other authors propose a formal representation but do not present automated support for formal verification of properties of AC policies that use these algorithms. This paper demonstrates a new representation that can express all existing AC rule and policy combinations of which the authors are aware. This representation can also be used to automate the formal verification of properties of AC policies related to these algorithms. A new modeling representation for rule- and policy-combining algorithms based on state machines is used to specify rule- and policy-combining algorithms. Examples of these algorithms are programmed in the language of the SPIN model checker, and the programs are then used to support the automated formal verification of properties of AC policies. We present our approach and then use the AC policies and properties of CONTINUE, a conference management system, to compare it with prior work. Our first contribution is a new modeling representation for combining algorithms based on state machines. The second contribution is the formal verification of AC properties under certain combining algorithms that are beyond the capability of other approaches. [ABSTRACT FROM AUTHOR]

Published

2017

45. A Data Classification Method for Inconsistency and Incompleteness Detection in Access Control Policy Sets.

Author

Shaikh, Riaz, Adi, Kamel, and Logrippo, Luigi

Subjects

*ACCESS control, *INCONSISTENCY (Logic), *COMPUTER security vulnerabilities, *BOOLEAN matrices, *ALGORITHMS

Abstract

Access control policies may contain anomalies such as incompleteness and inconsistency, which can result in security vulnerabilities. Detecting such anomalies in large sets of complex policies automatically is a difficult and challenging problem. In this paper, we propose a novel method for detecting inconsistency and incompleteness in access control policies with the help of data classification tools well known in data mining. Our proposed method consists of three phases: firstly, we perform parsing on the policy data set; this includes ordering of attributes and normalization of Boolean expressions. Secondly, we generate decision trees with the help of our proposed algorithm, which is a modification of the well-known C4.5 algorithm. Thirdly, we execute our proposed anomaly detection algorithm on the resulting decision trees. The results of the anomaly detection algorithm are presented to the policy administrator who will take remediation measures. In contrast to other known policy validation methods, our method provides means for handling incompleteness, continuous values and complex Boolean expressions. In order to demonstrate the efficiency of our method in discovering inconsistencies, incompleteness and redundancies in access control policies, we also provide a proof-of-concept implementation. [ABSTRACT FROM AUTHOR]

Published

2017

46. Feedback-assisted MAC protocol for real time traffic in high rate wireless personal area networks.

Author

Byung-Seo Kim, Sung Kim, Yuguang Fang, and Tan Wong

Subjects

*COMPUTER networks, *ACCESS control, *SECURITY systems, *WIRELESS communications, *NETWORK performance, *ALGORITHMS

Abstract

During the past decade, there has been much standardization effort for indoor or shot-range networks, as communication devices and applications for such networks populate. As a prominent example of these activities, the IEEE 802.15.3 Task Group (TG) published a standard for high-rate wireless personal area network (HR-WPAN). To support strictly timed multimedia services, the TG adopts a time-slotted channel access protocol controlled by a central device (DEV). Although the channel time allocation algorithm plays a key role in deciding the network performance, it remains unspecified in the standard. Therefore, in this paper, we propose a novel feedback-assisted channel time allocation method for HR-WPAN. After initial channel times are allocated based on packet inter-arrival time statistics, the allocation is dynamically adjusted by utilizing feedback information from each DEV. The feedback information includes the buffer status, the packet transmission delay, and the physical transmission rate. By utilizing this feedback information, the central DEV can allocate sufficient channel time for transmissions of pending packets from a DEV. Moreover, the allocated channel times can be synchronized to the packet arrival times so that the overall transmission delay is reduced. To cope with time-varying wireless channels, a dynamic rate selection algorithm assisted by physical layer information is proposed in this paper. Performance evaluation is carried out through extensive simulations, from which significant performance enhancements are observed. [ABSTRACT FROM AUTHOR]

Published

2010

47. Performance Analysis of Multichannel Medium Access Control Algorithms for Opportunistic Spectrum Access.

Author

Pawełczak, P., Pollin, S., W So, H.-S., Bahai, A. R. S., Prasad, R. V., and Hekmat, R.

Subjects

*MULTICHANNEL communication, *ALGORITHMS, *ACCESS control, *ELECTRIC interference, *TELECOMMUNICATION, *MARKOV processes

Abstract

In this paper, different control channel (CC) implementations for multichannel medium access control (MAC) algorithms are compared and analyzed in the context of opportunistic spectrum access (OSA) as a function of spectrum-sensing performance and licensed user activity. The analysis is based on a discrete Markov chain model of a subset of representative multi-channel OSA MAC classes that incorporates physical layer effects, such as spectrum sensing and fading. The analysis is complemented with extensive simulations. The major observations are given as follows: 1) When the CC is implemented through a dedicated channel, sharing such dedicated channel with the licensed user does not significantly decrease the throughput achieved by the OSA network when the data packet sizes are sufficiently large or the number of considered data channels is small. 2) Hopping OSA MACs, where the CC is spread over all channels, are less susceptible to licensed user activity than those with a dedicated CC (in terms of both average utilization and on/off times). 3) Scanning efficiency has a large impact on the achievable performance of licensed and OSA users for all analyzed protocols. 4) The multiple rendezvous MAC class, which has yet to be proposed in OSA literature, outperforms all the multichannel MAC designs analyzed in this paper. [ABSTRACT FROM AUTHOR]

Published

2009

48. Edge-RMP: Minimizing administrative assignments for role-based access control.

Author

Vaidya, Jaideep, Atluri, Vijayalakshmi, Guo, Qi, and Lu, Haibing

Subjects

*SOCIAL role, *DYNAMIC programming, *NONLINEAR programming, *ACCESS control, *INTEGER programming, *ALGORITHMS

Abstract

Because of its ease of administration, role-based access control (RBAC) has become the norm to enforcing security in most of today's organizations. For implementing RBAC, it is important to devise a complete and correct set of roles. This task, known as role engineering, has been identified as one of the costliest components in deploying RBAC. A key problem with respect to role engineering is that there is no formal metric for measuring the goodness/interestingness of the devised set of roles. Recently, Vaidya et al. [26], formally define the role mining problem (RMP) as the problem of discovering an optimal set of roles from existing user permissions, and analyze its theoretical bounds. Essentially, given a user-permission assignment (UPA), the basic RMP is to discover the user-role assignment relation (UA) and role-permission assignment relation (PA) such that the number of roles required is minimum. In this paper, we present another interesting and useful problem, called the edge-RMP, with a different minimality objective. The edge-RMP, requires the discovery of a complete and correct set of roles such that the discovered |UA|+|PA| is the minimum possible. Minimal |UA|+|PA| is a useful metric as it would minimize the administrative burden since less number of assignments need to be managed. Although the basic-RMP and the edge-RMP appear to be related problems, we demonstrate with concrete examples that they are, in fact, independent of each other. We prove that the edge-RMP is an NP-hard problem by reducing the known “vertex cover problem” to the decision version of the edge-RMP. Another important contribution of this paper is to provide a binary integer programming solution to this problem by showing that the edge-RMP can be formulated in that form. As a result, one can directly borrow existing implementation solutions for binary integer programming and guide further research in this direction. We also propose a heuristic solution for large scale problems, and experimentally validate our algorithm. [ABSTRACT FROM AUTHOR]

Published

2009

49. Applying Semantic Knowledge to Real-Time Update of Access Control Policies.

Author

Ray, Indrakshi

Subjects

*TRANSACTION systems (Computer systems), *COMPUTER security, *ACCESS control, *ALGORITHMS, *REAL-time computing, *DOCUMENTATION

Abstract

Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies in a database system. Updating policies while they are in effect can lead to potential security problems, such as, access to database objects by unauthorized users. In this paper, we propose several algorithms that not only prevent such security breaches but also ensure the correctness of execution. The algorithms differ from each other in the degree of concurrency provided and the semantic knowledge used. Of the algorithms presented, the most concurrency is achieved when transactions are decomposed into atomic steps. Once transactions are decomposed, the atomicity, consistency, and isolation properties no longer hold. Since the traditional transaction processing model can no longer be used to ensure the correctness of the execution, we use an alternate semantic-based transaction processing model. To ensure correct behavior, our model requires an application to satisfy a set of necessary properties, namely, semantic atomicity, consistent execution, sensitive transaction isolation, and policy-compliant. We show how one can verify an application statically to check for the existence of these properties. [ABSTRACT FROM AUTHOR]

Published

2005

50. Random-Access Control Mechanisms Using Adaptive Traffic Load in ALOHA and CSMA Strategies for EDGE.

Author

Rivero-Ángeles, Mario E., Lara-Rodríguez, Domingo, and Cruz-Pérez, Felipe A.

Subjects

*COMPUTER security, *SECURITY systems, *ALGORITHMS, *ACCESS control, *DATA protection, *ELECTRONIC surveillance

Abstract

In this paper, three random access control mechanisms based on the well-known Slotted ALOHA, NP-CSMA, and 1P-CSMA protocols are presented. The basic idea is to limit the number of transmissions and retransmissions at high traffic loads in order to minimize collisions while keeping system stability. A new medium-access control protocol called Adaptive "fraflic Load (ATL) is proposed. With ATL, all users are assigned authorization of transmission probabilities that vary according to the prevailing average traffic conditions in the system. ATL ensures that the system throughput is kept constant at its maximum value regardless of the traffic load. A mathematical analysis to calculate the probability density function of the access delay in the ATL protocol under the assumption of infinite user population is also presented. Mean access delay follows increases exponentially with respect to the traffic load when conventional random access protocols are used. However, it follows a linear function with respect to the traffic load when ATL is used. The average traffic load of the system is an input of the ATL protocol in order to assign access authorization probabilities to all users attempting to access the network. A simple algorithm for traffic load estimation based on the probability of finding empty slots in the system within an estimation period is proposed in this paper to asses the average traffic load. In the numerical evaluations of ATL, the Enhanced Data for GSM Evolution (EDGE) system is considered as a case study. For high arrival rates, channel utilization can be low in EDGE even if the system has sufficient capacity to serve incoming data users. A mathematical analysis of ATL-Slotted ALOHA as well as ATL-CSMA is presented. In the case of ATL-CSMA, system throughput varies according to the cell size. Hence, the ATL protocol is evaluated in picocell, microcell and macrocell environments as recommended by ITU-R. Also, the performance of EDGE is evaluated in terms of average data rate and packet delay for both S-ALOHA and ATL S-ALOHA considering long range dependent traffic type. [ABSTRACT FROM AUTHOR]

Published

2005