48,606 results on '"Access Control"'
Search Results
2. Guide to Attribute Based Access Control (ABAC) definition and considerations
- Author
- Hu, V. C.
- Subjects
- Access control, Access control mechanism, Access control model, Access control policy, Attribute based access control (ABAC), Authorization, Privilege
- Abstract
Abstract: This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.
- Published
- 2014
3. SymboleoAC: An Access Control Model for Legal Contracts
- Author
- Alfuhaid, Sofana, Anda, Amal Ahmed, Amyot, Daniel, Roveri, Marco, Mylopoulos, John, van der Aalst, Wil, Series Editor, Ram, Sudha, Series Editor, Rosemann, Michael, Series Editor, Szyperski, Clemens, Series Editor, Guizzardi, Giancarlo, Series Editor, Paja, Elda, editor, Zdravkovic, Jelena, editor, Kavakli, Evangelia, editor, and Stirna, Janis, editor
- Published
- 2025
4. Blockchain-Driven Medical Data Shamir Threshold Encryption with Attribute-Based Access Control Scheme
- Author
- Shen, Wei, Zhou, Qian, Wu, Jiayang, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Barhamgi, Mahmoud, editor, Wang, Hua, editor, and Wang, Xin, editor
- Published
- 2025
5. An Ontology-Based Approach for Handling Inconsistency in Explainable and Prioritized Access Control Models
- Author
- Laouar, Ahmed, Raboanary, Toky, Benferhat, Salem, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Destercke, Sébastien, editor, Martinez, Maria Vanina, editor, and Sanfilippo, Giuseppe, editor
- Published
- 2025
6. Smart Environments: Information Flow Control in Smart Grids
- Author
- Anagnostopoulou, Argiro, Gritzalis, Dimitris, Mavridis, Ioannis, Kantas, Panagiotis, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Pitropakis, Nikolaos, editor, and Katsikas, Sokratis, editor
- Published
- 2025
7. Controlled Multi-client Functional Encryption for Flexible Access Control
- Author
- Zhang, Mingwu, Zhong, Yulu, Wang, Yifei, Wang, Yuntao, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Xia, Zhe, editor, and Chen, Jiageng, editor
- Published
- 2025
8. POP-HIT: Partially Order-Preserving Hash-Induced Transformation for Privacy Protection in Face Recognition Access Control
- Author
- Dubasi, Yatish, Li, Qinghua, Luu, Khoa, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duan, Haixin, editor, Debbabi, Mourad, editor, de Carné de Carnavalet, Xavier, editor, Luo, Xiapu, editor, Du, Xiaojiang, editor, and Au, Man Ho Allen, editor
- Published
- 2025
9. Enhancing Cross-Device Security with Fine-Grained Permission Control
- Author
- Hu, Han, Wang, Daibin, Hong, Tailiang, Zhang, Sheng, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duan, Haixin, editor, Debbabi, Mourad, editor, de Carné de Carnavalet, Xavier, editor, Luo, Xiapu, editor, Du, Xiaojiang, editor, and Au, Man Ho Allen, editor
- Published
- 2025
10. Information Security and Cloud Computing
- Author
- Gupta, Pramod, Sehgal, Naresh Kumar, and Acken, John M.
- Published
- 2025
11. Access Control Analysis in Heterogeneous Big Data Management Systems.
- Author
- Poltavtseva, M. A. and Kalinin, M. O.
- Abstract
Big data management systems are in demand today in almost all industries, being also a foundation for artificial intelligence training. The use of heterogeneous polystores in big data systems has led to the fact that tools within the same system have different data granularity and access control models. The harmonization of these components by the security administrator and the implementation of a common access policy are now carried out by hand. This leads to an increasing number of vulnerabilities, which in turn become frequent causes of data leaks. The current situation in the field of automation and analysis of access control in big data systems reveals the lack of automation solutions for polystore-based systems. This paper addresses the problem of automated access control analysis in big data management systems. We formulate and discuss the main contradiction between the requirement of scalability and flexibility of access control and the increased workload on the security administrator, aggravated by the use of different data and access control models in system components. To solve this problem, we propose a new automated method for analyzing security policies based on a graph model, which reduces the number of potential vulnerabilities caused by incorrect management of big data systems. The proposed method uses the data lifecycle model of the system, its current settings, and the required security policy. The use of two-pass analysis (from data sources to data receivers and back) allows us to solve two problems: the analysis of the access control system for potential vulnerabilities and the check for business logic vulnerabilities. As an example, we consider the use of a developed prototype tool for security policy analysis in a big data management system. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Bilevel access control and constraint‐aware response provisioning in edge‐enabled software defined network‐internet of things network using the safeguard authentication dynamic access control model.
- Author
- D S, Sahana and S H, Brahmananda
- Subjects
- *INTERNET access control, *FORENSIC sciences, *COMPUTER network security, *ACCESS control, *SERVICE level agreements, *BILEVEL programming
- Abstract
Summary: By controlling the network, the Internet of Things (IoT)‐connected software‐defined network (SDN) limits the scalability of IoT devices. Since SDN depends on a centralized controller that attackers can easily affect, it is incredibly susceptible to attacks. Secure access control to the SDN controller was the focus of the prior methods for controller scalability and restricted trust management. A framework called Safeguard Authentication Dynamic Access Control (SANDMAC) is suggested to safeguard and offer useful services to enterprises. Authentication confirms legitimacy after all users and applications have been registered. To improve network security, policies let users grant access to account attributes, legal activities, and temporal components. The administrator lessens conflicts between the methods by validating and saving the policies in the database. The services are provided to dependable customers using the forensic‐based investigation algorithm, depending on the quality of service and software level agreements requirements, decreasing reaction times and maximizing resource usage. Performance comparisons between the new and previous efforts are validated using a variety of parameters, and the proposed work is validated using the iFogSim application. According to the findings, SANDMAC significantly raises key performance indicators. SANDMAC specifically keeps false positives at 3.5% and accomplishes a low response time of 60 ms for roughly 800 authorized accesses. SANDMAC is a better option because of these enhancements, which result in longer network lifetimes and more dependable data transmission. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. A secure VM live migration technique in a cloud computing environment using blowfish and blockchain technology.
- Author
- Gupta, Ambika, Namasudra, Suyel, and Kumar, Prabhat
- Subjects
- *VIRTUAL machine systems, *DATA privacy, *ACCESS control, *QUALITY of service, *COMMUNICATION infrastructure
- Abstract
Data centres have become the backbone of infrastructure for delivering cloud services. In the emerging cloud computing paradigm, virtual machine (VM) live migration involves moving a running VM across hosts without visible interruption to the client. Security vulnerabilities, resource optimization, and maintaining the quality of service are key issues in live VM migration. Maintaining security in VM live migration is one of the critical concerns. To create a secure environment, this paper proposes a live migration technique using the blowfish cryptographic algorithm for encryption and decryption, along with blockchain technology, to address challenges such as decentralization, data privacy, and VM security. The algorithms, namely key management blowfish encryption (KMBE), access control searchable encryption (ACSE), protected searchable destination server (PSDS), and key expansion blowfish decryption (KEBD), improve security in VM live migration in terms of various parameters such as data centre request servicing time, response time, and data transfer cost. The proposed technique KMBE improves migration cost ($) by 60–70%, ACSE reduces overall energy consumption (w) by 70–80%, PSDS reduces makespan (ms) by 40–50%, and KEBD improves the security in live VM migration by 30–40%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
14. BACP-IeFC: designing blockchain-based access control protocol in IoT-enabled fog computing environment.
- Author
- Chaurasia, Akhil, Kumar, Alok, and Rao, Udai Pratap
- Subjects
- *DIGITAL technology, *ELLIPTIC curve cryptography, *COMMUNICATION models, *AUTOMATIC timers, *ENERGY industries, *ACCESS control
- Abstract
The increasing number of edge layer devices connected to fog servers in fog computing environments has led to a rise in vulnerable and unauthorized actions. Implementing authorized access control with secure key management is essential to address this issue. As the traditional key management methods rely on third-party involvement, which suffers from drawbacks such as single points of failure and inconsistent key management in centralized architecture, so establishing efficient and secure key management between edge devices while ensuring effective access control is the main challenge in the digital environment. This study introduces a novel Blockchain-Based Access Control Protocol in IoT-Enabled Fog Computing (BACP-IeFC) environment for intra-network, inter-network, and mobile device communication models. The BACP-IeFC protocol eliminates the necessity for third-party intermediaries by leveraging Elliptic Curve Cryptography (ECC) for secure data sharing and hash chains for key pair generation. The BACP-IeFC protocol utilizes session keys generated by fog servers, which are securely recorded on a blockchain, ensuring robust authentication at edge devices. A Permissioned Blockchain is also used for secure key storage at the fog layer. The BACP-IeFC security has undergone comprehensive evaluation, including testing its session key (SK) security under the Real-or-Random (ROR) model, confirming its effectiveness in achieving SK security. An informal security analysis confirms the BACP-IeFC protocol resilience against known attacks. For the formal security verification, the BACP-IeFC protocol utilized the ProVerif security tool, and the results show that it is secure against major attacks. Additionally, the performance analysis of the proposed protocol using MIRACL shows a significant improvement in computation overhead, communication, storage cost, and energy consumption cost compared to existing protocols. 
The scalability and latency analysis of the BACP-IeFC protocol demonstrates that it supports high scalability with low latency costs. The BACP-IeFC protocol is implemented on Truffle Blockchain using Ethereum 2.0, and a lightweight Proof of Authority (PoA) consensus algorithm demonstrates that the BACP-IeFC protocol significantly outperformed existing protocols in terms of average response time for edge device registration time, authentication time, and block preparation time. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. Examining nurses' awareness level and compliance between defined and required access levels to core functionalities of hospital information system : an observational and survey study.
- Author
- Salmanizadeh, Farzad, Ameri, Arefeh, Khajouei, Reza, and Ahmadian, Leila
- Abstract
Background: Nurses constitute the largest number of hospital information system (HIS) users. Therefore, their awareness level and access to HIS functions based on their needs are particularly important. The present study aims to determine nurses' access levels to HIS functions and examine the compliance between defined and required access levels to core functionalities of a comprehensive HIS. Methods: This observational and survey study was conducted on nurses using the census method (n = 110) in two phases. In the first phase, nurses' current access levels to core functionalities of the hospitalization management subsystem were identified in HIS. In the second phase, nurses' awareness of defined access levels to HIS functions and compliance with their needs were investigated using a valid and reliable questionnaire (α = 0.90). The data were analyzed by descriptive and analytical statistics (t-test and one-way ANOVA). Results: The hospitalization management subsystem had 57 functions in 6 task groups. The information technology (IT) department enabled nurses to access 35 functions but did not allow them to access 22. 58.0% of the nurses were aware of those 35 functions they had access to, and 35.9% were aware of those 22 functions they needed access to. There was a significant correlation between nurses' awareness of current and defined access levels (p < 0.0001), so the mean defined access levels were 23.42, greater than the mean level of nurses' awareness of their current access to core functionalities. Conclusion: Users' lack of awareness and access to HIS functions more or less than required could reduce user satisfaction, acceptance, and efficiency of optimal use of these systems. Therefore, hospital administrators and policymakers should determine users' access levels based on their needs in accordance with the actual workflow and periodic evaluations. 
The method used in our study could help policymakers, managers, and staff at the hospital IT department accurately identify users' needs for HIS functions. [ABSTRACT FROM AUTHOR]
- Published
- 2024
16. Blockchain‐IoT: A revolutionary model for secure data storage and fine‐grained access control in internet of things.
- Author
- Ullah, Zia, Husnain, Ghassan, Mohmand, Muhammad Ismail, Qadir, Mansoor, Alzahrani, Khalid J., Ghadi, Yazeed Yasin, and Alkahtani, Hend Khalid
- Abstract
With the rapid expansion of the Internet of Things (IoT), cloud storage has emerged as one of the cornerstones of data management, facilitating ubiquitous access and seamless sharing of information. However, with the involvement of a third party, traditional cloud‐based storage systems are plagued by security and availability concerns, stemming from centralized control and management architectures. A novel blockchain‐IoT model that leverages blockchain technology and decentralized storage mechanisms to address these challenges is presented. The model combines the Ethereum blockchain, interplanetary file system, and attribute‐based encryption to ensure secure and resilient storage and sharing of IoT data. Through an in‐depth exploration of the system architecture and underlying mechanisms, it is demonstrated how the framework decouples storage functionality from resource‐constrained IoT devices, mitigating security risks associated with on‐device storage. In addition, data owners and users can easily exchange data with one another through the use of Ethereum smart contracts, fostering a collaborative environment and providing incentives for data sharing. Moreover, an incentive mechanism powered by the FileCoin cryptocurrency is introduced, which motivates and ensures data sharing transparency and integrity between stakeholders. Furthermore, in the proposed blockchain‐IoT model, the proof‐of‐authority system consensus algorithm has been replaced by a delegated proof‐of‐capacity system, which reduces transaction costs and energy consumption. Using the Rinkeby Ethereum official testing network, the proposed model has been demonstrated to be feasible and economical, emphasizing its potential to redefine IoT data management. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. Informal Land Tenure and Livelihood Resilience in the Chaco Salteño, Argentina.
- Author
- Collins, Alejandro, Abrams, Jesse, Nuñez Godoy, Cristina C., Núñez-Regueiro, Mauricio M., Peduzzi, Alicia, and Lapegna, Pablo
- Subjects
- *LAND tenure, *SILVOPASTORAL systems, *SUSTAINABLE development, *ACCESS control, *AGROFORESTRY
- Abstract
The Chaco Salteño of Argentina is a global hotspot of land conflict and climate change pressures that, together, threaten the livelihoods of local inhabitants. This study sought to examine the role that formal land tenure and other mechanisms of access to resources play in building resilient livelihoods in the face of multiple stressors. Using a qualitative approach, we analyze the role of mechanisms controlling access to resources in securing the conditions necessary for adaptation. We find that the two primary adaptive mechanisms identified by producers (formalized land tenure and local producers' organizations) vary greatly in their feasibility and contributions to livelihood resilience. We explore these to better understand how they are perceived by producers and the extent to which they are employed. Findings from this study contribute to efforts to advance sustainable development by contextualizing the importance of varied strategies in supporting resilient livelihoods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. Genetically optimized TD3 algorithm for efficient access control in the internet of vehicles.
- Author
- Al-Atawi, Abdullah A.
- Subjects
- *DEEP reinforcement learning, *REINFORCEMENT learning, *INTERNET access, *GENETIC algorithms, *SUSTAINABILITY
- Abstract
The Internet of Vehicles (IoV) is currently experiencing significant development, which has involved the introduction of an efficient Access Control Mechanism (ACM). Reliable access control is evolving into mandatory in order to provide security and efficient transmission within the IoV environment as the volume of vehicles equipped with connectivity continues to expand and they become more incorporated into any number of applications. The primary objective of this research is to develop an ACM for the IoV system based on the use of a Genetically Optimized Twin-Delayed Deep Deterministic Policy Gradient (TD3) algorithm. The TD3 model modifies access policies to be in line with the current scenario using deep reinforcement learning (Deep RL) techniques. This allows vehicles to make access decisions that are intelligent about the environment in which they are performing. To prevent energy loss while the vehicle is in transit into the client system, the model also emphasizes access based on the vehicle's energy consumption (EC). Finally, with the support of the genetic algorithm (GA), the accuracy of the access control model can be improved by optimizing the high-level parameters in a manner in which they improve efficiency. In order to further enhance the model's environmental sustainability and reliability, the recommended model provides an approach that is both profound and efficient for access control in the constantly changing setting of the IoV. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. An enhanced and verifiable lightweight authentication protocol for securing the Internet of Medical Things (IoMT) based on CP-ABE encryption.
- Author
- Jebrane, Jihane and Lazaar, Saiida
- Subjects
- *COVID-19 pandemic, *ELLIPTIC curves, *INTERNET of things, *ACCESS control, *DATA transmission systems, *NEAR field communication
- Abstract
The integration of the Internet of Things into patient monitoring devices has garnered significant attention, especially in response to the COVID-19 pandemic's increased focus on telecare services. However, Internet of Medical Things (IoMT) devices are constrained by computational power, memory, and bandwidth, making them vulnerable to security risks associated with data transmissions over public networks. Effective authentication is essential for safeguarding patient data and preventing unauthorized control of medical sensors. Existing IoMT authentication protocols frequently fall short, exposing critical vulnerabilities such as replay and impersonation attacks. This paper extends our prior work on the Improved Lightweight Authentication Protocol (ILAPU-Q), which is based on elliptic curves and the U-Quark hash function. We enhance the ILAPU-Q scheme and present a more secure authentication protocol for embedded medical devices. This enhancement relies on Ciphertext Policy-Attribute Based Encryption (CP-ABE), enabling data sources to protect information by cryptographically enforcing access policies. Implementing CP-ABE within the Telemedicine Information System framework eliminates the need for secure data transmission or storage at a dedicated location. Comprehensive security evaluations, conducted using AVISPA and Burrows-Abadi-Needham logic (BAN Logic), confirm the protocol's resilience against a broad spectrum of attacks. Moreover, performance assessments reveal significant advancements in computational efficiency, communication overhead, and storage requirements. Notably, our protocol demonstrates an efficiency improvement of approximately 95–98% over other protocols. This substantial improvement in security and performance underscores the practical value and potential of our protocol in advancing IoMT security standards. [ABSTRACT FROM AUTHOR]
- Published
- 2024
20. Time-limited ownership delegation scheme with revocation security for healthcare.
- Author
- Zhao, Xiaoping and Su, Qianqian
- Subjects
- *DATA management, *DATA security, *INFORMATION sharing, *MEDICAL personnel, *CLOUD computing
- Abstract
Cloud computing is widely used for medical data sharing due to its convenience and scalability in data access. In practice, patients prefer to share their medical data with healthcare professionals in a controlled manner due to the sensitive information it implies. Specifically, patients often delegate data ownership to healthcare professionals for more comprehensive treatment. When patients are cured, they wish to revoke the delegation of data ownership. In this process, data security must be ensured when implementing ownership delegation revocation. However, although schemes have been proposed to support fine-grained access control, existing data-sharing systems do not meet the need for dynamic management of data ownership between doctors and patients, and the security issues posed by revocation of ownership delegation remain unexplored. In response to this problem, we propose a time-limited data ownership delegate system (DLDS system) with revocation security, which enables data owners to flexibly control data sharing according to time and user requirements. We design a time-based prefix tree that can revoke data ownership without compromising patient data privacy. To verify the validity of data ownership delegation in a privacy-preserving manner, we design a new interactive authentication method using the Paillier encryption method and inner product computation to ensure that only authorized users can access the data. Finally, the proposed scenarios were thoroughly discussed and simulated experimentally to assess their safety and effectiveness. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. Rethinking Regulation beyond the Normative Threshold: Mechanisms of Control and Access to the Central Market of Kinshasa.
- Author
- Mesa, Héritier
- Subjects
- EQUALITY, ACCESS control, STATE regulation, ECONOMIC activity, MULTIPLICITY (Mathematics)
- Abstract
Copyright of Africa Spectrum is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
22. ESPRESSO: A Framework to Empower Search on the Decentralized Web.
- Author
- Ragab, Mohamed, Savateev, Yury, Oliver, Helen, Tiropanis, Thanassis, Poulovassilis, Alexandra, Chapman, Adriane, and Roussos, George
- Abstract
The increasing centralization of the Web raises serious concerns regarding privacy, security, and user autonomy. In response, there has been a renewed interest in the development of secure personal information management systems and a movement towards decentralization. Decentralized personal online data stores (pods) represent a revolutionary example within this movement, built on the W3C's existing guidelines – an approach exemplified by initiatives such as Solid (https://solidproject.org). In the Solid paradigm, individuals store their personal data in pods and have absolute discretion when choosing to grant access to different users and applications. A barrier to the adoption of the pod approach is the predominant reliance on centralized indexes for search functionality in current Web and Web-based systems. This paper introduces the ESPRESSO framework, which is designed to facilitate this new paradigm of large-scale searches within personal data stores while respecting the individual pod owners' data access governance. The current ESPRESSO prototype integrates access control within pod indexes to enhance distributed keyword-based search. ESPRESSO's unique contribution not only enhances search capabilities on the decentralized Web but also paves the way for future explorations in decentralized search technologies. [ABSTRACT FROM AUTHOR]
- Published
- 2024
23. Implementing the principle of least administrative privilege on operating systems: challenges and perspectives.
- Author
- Billoir, Eddie, Laborde, Romain, Wazan, Ahmad Samer, Rütschlé, Yves, and Benzekri, Abdelmalek
- Abstract
With the new personal data protection or export control regulations, the principle of least privilege is mandatory and must be applied even for system administrators. This article explores the different approaches implemented by the main operating systems (namely Linux, Windows, FreeBSD, and Solaris) to control the privileges of system administrators in order to enforce the principle of least privilege. We define a set of requirements to manage these privileges properly, striving to balance adherence to the principle of least privilege and usability. We also present a deep analysis of each administrative privilege system based on these requirements and exhibit their benefits and limitations. This evaluation also covers the efficiency of the currently available solutions to assess the difficulty of performing administrative privileges management tasks. Following the results, the article presents the RootAsRole project, which aims to simplify Linux privilege management. We describe the new features introduced by the project and the difficulties we faced. This concrete experience allows us to highlight research challenges. [ABSTRACT FROM AUTHOR]
- Published
- 2024
24. Efficient and secure confidential transaction scheme based on commitment and aggregated zero-knowledge proofs.
- Author
- Yong, Wang, Lijie, Chen, Yifan, Wu, and Qiancheng, Wan
- Subjects
- BLOCKCHAINS, DATA privacy, HIGH technology industries, ACCESS control, TRANSFER functions
- Abstract
As a distributed ledger technology, blockchain has broad applications in many areas such as finance, agriculture, and contract signing due to its advantages of being tamperproof and difficult to forge. However, the open nature of blockchain also introduces severe privacy issues, currently cryptocurrency privacy protection solutions under account-based models cannot balance the internal verification time and confidentiality of transactions. In order to improve the confidentiality and efficiency of transactions under the account-based model, this paper proposes an access control anonymous payment scheme based on homomorphic commitment and aggregated zero-knowledge proofs, focusing on the realization of a one-to-many anonymous transfer function, one-to-one transfer function, deposit function and withdraw function, to ensure the privacy of a transaction data while reducing verification time and Gas costs. We evaluated our approach on a proof-of-concept implementation by generating Solidity contracts and implemented some interesting contracts. The experimental results show that this scheme not only consumes lower gas, but also reduces the internal time during transaction generation. In addition, our solution has established a one to many transfer transaction scheme, and the proof verification time after aggregation is constant. Thus the efficiency of this scheme is particularly well suited for the digital finance scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2024
25. Endogenous Micro-Segmentation Mechanism for 5G Mobile Communication Networks.
- Author
- 张芳蕾, 庄小君, 王 悦, 粟 栗, 杜海涛, and 赵洪伟
- Subjects
- TELECOMMUNICATION systems, 5G networks, TRAFFIC monitoring, TRAFFIC engineering, PROBLEM solving
- Abstract
Copyright of Telecommunication Engineering is the property of Telecommunication Engineering and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
26. A multi-phase scalable, communication reliable, and energy efficient MAC (SRE-MAC) protocol for WBAN.
- Author
-
Kumar, Sachin and Verma, Pawan Kumar
- Subjects
SPECTRUM allocation ,ENERGY levels (Quantum mechanics) ,K-means clustering ,ACCESS control ,BODY temperature - Abstract
Spectrum Resource Efficient Medium Access Control (SRE-MAC) is proposed in this work to effectively and efficiently improve access to the communication channels of a WBAN system. Initially, Sensor nodes are collected from the human figure such as pulses, body temperature, and oxygen level. Utilize a multi-objective-based clustering algorithm to categorize sensor nodes based on a range of criteria, such as energy level, proximity to the central processing unit, similarity of physiological data, and QoS from the collected data. From it, the clustering-based K-Means Algorithm & Multi objective is presented. For choosing the best cluster heads, a Sparrow Guided Teaching Learning Optimization (SG-TLO) algorithm is used. Use the Contention Phase (CP) and variable size TDMA slot allotments of the SRE-MAC protocol to distribute spectrum resources among each cluster. Utilize the SG-TLO to identify the best spectrum allocation that balances energy consumption within each cluster, maximizes channel utilization, and reduces interference. After spectrum allocation and optimization, the Transmission Phase (TP) of the SRE-MAC protocol is used by the sensor nodes within each cluster to connect with the central processing unit. The nodes switch to sleep mode during periods of inactivity to save energy and transmit their health packets during their specific assigned time slots. Data from all clusters are acquired by the CPU, which also aggregates and analyses the data. Results of data analysis are used in a kind of context, including research, healing determination, and supervision of healthcare. Utilize performance metrics, such as network throughput, energy consumption, communication reliability, and interference levels, to assess the effectiveness of the clustering and spectrum allocation algorithms. [ABSTRACT FROM AUTHOR]
- Published
- 2024
27. Enhancing Security in Smart Renewable Energy Grids Through Proxy Signcryption Approach.
- Author
-
Patil, Rachana Y., Patil, Yogesh H., Louzazni, Mohamed, Patil, Rajkumar Bhimgonda, Al-Dahidi, Sameer, and Sana Ullah, Jan
- Subjects
INTERNET protocols ,INTERNET security ,RENEWABLE energy sources ,ALGORITHMS ,CONFIDENTIAL communications - Abstract
The rapid development of smart renewable energy grids (SREGs) has resulted in a vast amount of data that requires efficient access control and secure mechanisms for sharing energy records among stakeholders. This paper proposes a novel approach called the identity‐based proxy signcryption‐based scheme for SREGs (ID‐PSC‐SREGs), which ensures the secure sharing of energy records in SREGs. The ID‐PSC‐SREG scheme integrates the benefits of signature and encryption techniques, merging them into a unified algorithm and providing a comprehensive solution for the confidentiality and authenticity of energy records. Extensive security analysis demonstrates that the scheme achieves provable security against adaptive chosen ciphertext attacks (IND‐ID‐PSC‐SREG‐CCA2) and existential unforgeability against adaptive chosen message attacks (EUF‐ID‐PSC‐SREG‐CMAs) under the decisional Diffie–Hellman problem. In order to further ascertain the security of the ID‐PSC‐SREG scheme, formal verification utilizing the automated validation of internet security protocols and applications (AVISPAs) is performed. The results confirm the scheme's safety under the On‐the‐Fly Model‐Checker (OFMC) and Constraint Logic‐based Attack Searcher (CL‐AtSe). [ABSTRACT FROM AUTHOR]
- Published
- 2024
28. A blockchain-based privacy-preserving and access-control framework for electronic health records management.
- Author
-
Jakhar, Amit Kumar, Singh, Mrityunjay, Sharma, Rohit, Viriyasitavat, Wattana, Dhiman, Gaurav, and Goel, Shubham
- Subjects
MANAGEMENT of electronic health records ,DATA privacy ,PEER-to-peer architecture (Computer networks) ,ELECTRONIC health records ,DISTRIBUTED computing - Abstract
Healthcare data is crucial and sensitive, as it contains absolute information about a patient's medical history, treatments, and actions; this information gets shared among the stakeholders on a routine basis. Patients' information is vital and should be kept accurate, up-to-date, and secret; it should be available only to authorized users. Most of the existing systems are centralized and may breach data privacy. This study mainly focuses on protecting the privacy and security of sensitive healthcare data while sharing with multiple stakeholders. This work presents a privacy-preserving and access-control blockchain-based framework that uses consensus-driven decentralized data management on top of peer-to-peer distributed computing platforms to ensure the privacy, security, accessibility, and integrity of healthcare data. Blockchain technology helps to protect transactions from manipulation due to its features of irreversibility and immutability. Additionally, we thoroughly examine the security requirements afforded by blockchain-enabled systems by incorporating stakeholders like patients, doctors, chemists, and pathology labs as system entities; they can only share information through a proper channel. The proposed framework has been implemented and evaluated using Hyperledger Fabric. We observe that the proposed framework reveals promising benefits in security, regulation compliance, reliability, flexibility, and accuracy. [ABSTRACT FROM AUTHOR]
- Published
- 2024
29. Secure and Lightweight Cluster-Based User Authentication Protocol for IoMT Deployment †.
- Author
-
Su, Xinzhong and Xu, Youyun
- Subjects
ACCESS control ,INTERNET of things ,DETECTORS ,PRIVACY ,SECURITY management - Abstract
Authentication is considered one of the most critical technologies for the next generation of the Internet of Medical Things (IoMT) due to its ability to significantly improve the security of sensors. However, higher frequency cyber-attacks and more intrusion methods significantly increase the security risks of IoMT sensor devices, resulting in more and more patients' privacy being threatened. Different from traditional IoT devices, sensors are generally considered to be based on low-cost hardware designs with limited storage resources; thus, authentication techniques for IoMT scenarios might not be applicable anymore. In this paper, we propose an efficient three-factor cluster-based user authentication protocol (3ECAP). Specifically, we establish the security association between the user and the sensor cluster through fine-grained access control based on Merkle, which perfectly achieves the segmentation of permission. We then demonstrate that 3ECAP can address the privilege escalation attack caused by permission segmentation. Moreover, we further analyze the security performance and communication cost using formal and non-formal security analysis, Proverif, and NS3. Simulation results demonstrated the robustness of 3ECAP against various cyber-attacks and its applicability in an IoMT environment with limited storage resources. [ABSTRACT FROM AUTHOR]
- Published
- 2024
30. Enhancing Iris Authentication for Managing Multiple Cancellations: Leveraging Quotient Filters.
- Author
-
Arepalli, Gopi Suresh and Boobalan, Pakkiri
- Subjects
BIOMETRIC identification ,DATA structures ,DATA security ,MAP design ,ACCESS control - Abstract
Biometric authentication methods have become increasingly popular for their ability to offer secure and convenient access control. However, concerns about the privacy and security of biometric data have arisen. In this study, we present a novel approach to address these concerns by proposing a cancellable biometric encryption technique for secure and format-preserving iris authentication. Our method leverages the Quotient Filter data structure to transform encrypted iris templates into cancellable templates while preserving their original format. We carefully select an appropriate format-preserving encryption algorithm for iris templates and design a mapping scheme to achieve cancellability. To assess the effectiveness and performance of our approach, extensive experiments are conducted. The quantitative results indicate the efficiency and efficacy of our cancellable biometric encryption technique using the Quotient Filter. Our innovation, the Iris Authentication for Multiple Cancelled Instances Using a Quotient Filter (IAMCIQF), demonstrates competitive performance across several key metrics. IAMCIQF achieves a high level of security strength and strikes a balance between security and efficiency in terms of key size, encryption and decryption speeds and storage efficiency when compared to other existing techniques. The quantitative outcomes underscore IAMCIQF's potential as a promising solution for attaining secure and format-preserving iris authentication, addressing critical concerns about biometric data security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
31. An efficient texture descriptor based on local patterns and particle swarm optimization algorithm for face recognition.
- Author
-
Fadaei, Sadegh, Dehghani, Abbas, RahimiZadeh, Keyvan, and Beheshti, Amin
- Subjects
PARTICLE swarm optimization ,HUMAN facial recognition software ,FEATURE extraction ,RECEIVER operating characteristic curves ,ACCESS control - Abstract
Face recognition is used in many applications such as access control, automobile security, criminal identification, immigration, healthcare, cyber security, and so on. Each person has his/her own unique face, so the face can help distinguish people from each other. Feature extraction process plays a fundamental role in accuracy of face recognition, and many algorithms have been presented to extract more informative features from the face image. In this paper, an efficient texture descriptor is proposed based on local information of the face image. In the proposed method, at first, face image is split into several sub-images in such a way that each sub-image includes one of the facial parts such as eyes, nose, and lips. Second, texture features are extracted from each sub-image using a new local pattern descriptor, and then features of sub-images are concatenated to construct feature vector. Finally, the face image is compared to images in a dataset based on a similarity measure. In addition, particle swarm optimization algorithm is used to assign weight to the features of different parts of the face image. To evaluate the proposed algorithm, four face datasets, Yale, ORL, GT and KDEF, are used. Implementation results show that the proposed method outperforms recent methods in terms of accuracy, receiver operating characteristic (ROC) curve, and area under ROC curve. [ABSTRACT FROM AUTHOR]
- Published
- 2024
32. TL-ABKS: Traceable and lightweight attribute-based keyword search in edge–cloud assisted IoT environment.
- Author
-
Varri, Uma Sankararao, Mallick, Debjani, Das, Ashok Kumar, Hossain, M. Shamim, Park, Youngho, and Rodrigues, Joel J.P.C.
- Subjects
KEYWORD searching ,EDGE computing ,INTERNET of things ,ACCESS control ,CLOUD computing - Abstract
Edge–cloud coordination offers the chance to mitigate the enormous storage and processing load brought on by a massive increase in traffic at the network's edge. Though this paradigm has benefits on a large scale, outsourcing the sensitive data from the smart devices deployed in an Internet of Things (IoT) application may lead to privacy leakage. With an attribute-based keyword search (ABKS), the search over ciphertext can be achieved; this reduces the risk of sensitive data explosion. However, ABKS has several issues, like huge computational overhead to perform multi-keyword searches and tracing malicious users. To address these issues and enhance the performance of ABKS, we propose a novel traceable and lightweight attribute-based keyword search technique in an Edge–cloud-assisted IoT, named TL-ABKS, using edge–cloud coordination. With TL-ABKS, it is possible to do effective multi-keyword searches and implement fine-grained access control. Further, TL-ABKS outsources the encryption and decryption computation to edge nodes to enable its usage to resource-limited IoT smart devices. In addition, TL-ABKS achieves tracing user identity who misuse their secret keys. TL-ABKS is secure against modified secret keys, chosen plaintext, and chosen keyword attacks. By comparing the proposed TL-ABKS with the current state-of-the-art schemes, and conducting a theoretical and experimental evaluation of its performance and credibility, TL-ABKS is efficient. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Person Identification Using Temporal Analysis of Facial Blood Flow.
- Author
-
Raia, Maria, Stogiannopoulos, Thomas, Mitianoudis, Nikolaos, and Boulgouris, Nikolaos V.
- Subjects
BIOMETRIC identification ,BLOOD flow ,ACCESS control ,BLOOD testing ,SECURITY systems ,DEEP learning - Abstract
Biometrics play an important role in modern access control and security systems. The need of novel biometrics to complement traditional biometrics has been at the forefront of research. The Facial Blood Flow (FBF) biometric trait, recently proposed by our team, is a spatio-temporal representation of facial blood flow, constructed using motion magnification from facial areas where skin is visible. Due to its design and construction, the FBF does not need information from the eyes, nose, or mouth, and, therefore, it yields a versatile biometric of great potential. In this work, we evaluate the effectiveness of novel temporal partitioning and Fast Fourier Transform-based features that capture the temporal evolution of facial blood flow. These new features, along with a "time-distributed" Convolutional Neural Network-based deep learning architecture, are experimentally shown to increase the performance of FBF-based person identification compared to our previous efforts. This study provides further evidence of FBF's potential for use in biometric identification. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. Integrating Fuzzy Graph Theory into Cryptography: A Survey of Techniques and Security Applications.
- Author
-
Singh, Rashmi, Khalid, Saifullah, Nishad, D. K., and Ruchira
- Subjects
TECHNOLOGICAL innovations ,WIRELESS sensor networks ,ACCESS control ,IMAGE encryption ,WIRELESS sensor network security ,FUZZY logic ,FUZZY graphs - Abstract
Since the advent of networked systems, fuzzy graph theory has surfaced as a fertile paradigm for handling uncertainties and ambiguities. Among the different modes of handling challenges created by the uncertainties and ambiguities of current networked systems, integrating fuzzy graph theory with cryptography has emerged as the most promising approach. In this regard, this review paper elaborates on potentially studying fuzzy graph-based cryptographic techniques, application perspectives, and future research directions. Since the expressive power of fuzzy graphs allows the cryptographic schemes to handle imprecise information and to enhance security in many domains, several domains have benefited, such as image encryption, key management, and attribute-based encryption. The paper analyzes in depth the research landscape, mainly by focusing on the varied techniques used, such as fuzzy logic for key generation and fuzzy attribute representation for access control policies. A comparison with performance metrics unveils the trade-offs and advantages of different fuzzy graph-based approaches in efficiency, security strength, and computational overhead. Additionally, the survey explores the security applications of fuzzy graph-based cryptography and underpins potential development for secure communication in wireless sensor networks, privacy-preserving data mining, fine-grained access control in cloud computing, and blockchain security. Some challenges and research directions, such as the standardization of fuzzy logic operators, algorithmic optimization, integration with emerging technologies, and exploitation of post-quantum cryptography applications, are also brought out. This review will thus bring insight into this interdisciplinary domain and stimulate further research for the design of more robust, adaptive, and secure cryptographic systems in the wake of rising complexities and uncertainties. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. Boron Enabled Directed [2+2]‐ and Dearomative [4+2]‐Cycloadditions Initiated by Energy Transfer.
- Author
-
Adak, Souvik, Hazra, Partha Sarathi, Fox, Carter B., and Brown, M. Kevin
- Subjects
PHARMACEUTICAL chemistry ,ACCESS control ,ENERGY transfer ,STEREOCHEMISTRY ,ALLYLAMINES - Abstract
A strategy for the photosensitized [2+2]‐cycloaddition between styrenyl dihaloboranes and unactivated allylamines to access cyclobutylboronates with control of stereochemistry and regiochemistry is presented. The success of the reaction relies on the temporary coordination between in situ generated dihaloboranes and amines under mild reaction conditions. In addition, cyclobutanes with varying substitution patterns have been prepared using N‐heterocycles as directing group. Manipulation of the C−B bond allows for the synthesis of a diverse class of cyclobutanes from simple precursors. Moreover, these reactions lead to the synthesis of complex amines and heteroaromatic compounds, which have significant utility in medicinal chemistry. Finally, a dearomative [4+2]‐cycloaddition of naphthalenes using a boron‐enabled temporary tethering strategy has also been uncovered to synthesize complex 3‐dimensional borylated building blocks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. Only you can check my data: certificateless and designed-verifier auditing of multi-cloud storage with faults localization.
- Author
-
Miao, Ying, Miao, Yapeng, and Miao, Xuexue
- Subjects
FAULT location (Engineering) ,ACCESS control ,DATA integrity ,POWER resources ,DATA security - Abstract
To improve the data security and integrity of the outsourced data, storing multiple copies of data on multiple cloud servers is a good way. Many public Provable Data Possession (PDP) schemes in multiple cloud servers have been proposed in recent years. However, in some scenarios, the Data Owner (DO) may not want anyone (e.g. a stranger) to check the integrity of their data. Nevertheless, few schemes consider the fault's location function when the data auditing fails. Another problem is that anyone can make a challenge for the Cloud Server (CS) in the PDP schemes. Some access control strategies are necessary to reduce the waste of computation power resources of the CS. To solve these problems, we propose a certificateless and designed-verifier auditing scheme in multi-cloud storage environments. In our scheme, we utilize certificateless signature combined with a delegation key to achieve designed-verifier auditing. We design a secret Merkle Hash Tree (MHT) to locate the faults of CSs and data blocks. We utilize Zero-Knowledge Proof (ZKP) to achieve access control. Theoretical and experimental evaluation show that the proposed scheme is efficient and practical. [ABSTRACT FROM AUTHOR]
- Published
- 2024
37. Stalk-eyed flies carrying a driving X chromosome compensate by increasing fight intensity.
- Author
-
Paczolt, Kimberly A., Pritchard, Macy E., Welsh, Gabrielle T., Wilkinson, Gerald S., and Reinhardt, Josephine A.
- Subjects
X chromosome ,MEIOTIC drive ,FLY control ,ACCESS control ,GENETIC variation ,DECORATION & ornament - Abstract
Exaggerated ornaments provide opportunities to understand how selection can operate at different levels to shape the evolution of a trait. While these features aid their bearer in attracting mates or fending off competitors, they can also be costly and influenced by the environment and genetic variation. The eyestalks of the stalk-eyed fly, Teleopsis dalmanni, are of interest because eyestalk length is the target of both intra- and intersexual selection and is also reduced by loci on a highly-divergent sex ratio X chromosome (XSR), a meiotic driver accounting for up to 30% of wild X chromosomes. Male stalk-eyed flies fight to control access to females and over food using a combination of low-intensity displays and high-intensity physical fights. We staged, filmed, and scored contests between pairs of eyespan-matched males to evaluate whether X chromosome type impacts the behavior and outcome of aggressive interactions. While our results broadly match expectations from previous studies, we found that XSR males used more high-intensity behaviors than males carrying a non-driving, standard X chromosome (XST), particularly when their eyestalks were of similar size or smaller than their opponents. Additionally, we found that when XSR males use high-intensity behaviors, they win more bouts than when they use low-intensity behaviors. Taken together, these results suggest that XSR impacts male aggressive behavior to compensate for the shorter eyestalks of XSR males and may help to explain how this selfish chromosome is maintained. [ABSTRACT FROM AUTHOR]
- Published
- 2024
38. Data-Sharing System with Attribute-Based Encryption in Blockchain and Privacy Computing †.
- Author
-
Wu, Hao, Liu, Yu, Zhu, Konglin, and Zhang, Lin
- Subjects
DATA privacy ,DATABASES ,COMPUTER systems ,BOOLEAN searching ,DISCLOSURE ,ACCESS control ,BLOCKCHAINS - Abstract
With the development of the data-sharing system in recent years, financial management systems and their privacy have sparked great interest. Existing financial data-sharing systems store metadata, which include a hash value and database index on the blockchain, and store high-capacity actual data in the center database. However, current data-sharing systems largely depend on centralized systems, which are susceptible to distributed denial-of-service (DDoS) attacks and present a centralized attack vector. Furthermore, storing data in a local center database has a high risk of information disclosure and tampering. In this paper, we propose the ChainMaker Privacy Computing (CPC) system, a new decentralized data-sharing system for secure financial data, to solve this problem. It provides a series of financial data information and a data structure rather than actual data on the blockchain to protect the privacy of data. We utilize a smart contract to establish a trusted platform for the local database to obtain encrypted data. We design a resource catalog to provide a trusted environment of data usage in the privacy computing system that is visible for members on the blockchain. Based on cipher-policy attribute-based encryption (CP-ABE), we design a CPC-CP-ABE algorithm to enable fine-grained access control through attribute based encryption. Finally, we propose an efficient scheme that allows authenticated data-sharing systems to perform Boolean searches on encrypted data information. The results of experiment show that the CPC system can finish trusted data sharing to all organizations on the blockchain. [ABSTRACT FROM AUTHOR]
- Published
- 2024
39. Privacy-Preserving ConvMixer Without Any Accuracy Degradation Using Compressible Encrypted Images.
- Author
-
Lin, Haiwei, Imaizumi, Shoko, and Kiya, Hitoshi
- Subjects
IMAGE recognition (Computer vision) ,TRANSFORMER models ,ACCESS control ,JIGSAW puzzles ,PRIVACY - Abstract
We propose an enhanced privacy-preserving method for image classification using ConvMixer, which is an extremely simple model that is similar in spirit to the Vision Transformer (ViT). Most privacy-preserving methods using encrypted images cause the performance of models to degrade due to the influence of encryption, but a state-of-the-art method was demonstrated to have the same classification accuracy as that of models without any encryption under the use of ViT. However, the method, in which a common secret key is assigned to each patch, is not robust enough against ciphertext-only attacks (COAs) including jigsaw puzzle solver attacks if compressible encrypted images are used. In addition, ConvMixer is less robust than ViT because there is no position embedding. To overcome this issue, we propose a novel block-wise encryption method that allows us to assign an independent key to each patch to enhance robustness against attacks. In experiments, the effectiveness of the method is verified in terms of image classification accuracy and robustness, and it is compared with conventional privacy-preserving methods using image encryption. [ABSTRACT FROM AUTHOR]
- Published
- 2024
40. Secure semi‐automated GDPR compliance service with restrictive fine‐grained access control.
- Author
-
Hashem Eiza, Max, Thong Ta, Vinh, Shi, Qi, and Cao, Yue
- Subjects
GENERAL Data Protection Regulation, 2016 ,ACCESS control ,PERSONALLY identifiable information ,DATA protection ,DATA security failures - Abstract
Sharing personal data with service providers is a contentious issue that led to the birth of data regulations such as the EU General Data Protection Regulation (GDPR) and similar laws in the US. Complying with these regulations is a must for service providers. For users, this compliance assures them that their data is handled the way the service provider says it will be via their privacy policy. Auditing service providers' compliance is usually carried out by specific authorities when there is a need to do so (e.g., data breach). Nonetheless, these irregular compliance checks could lead to non‐compliant actions being undetected for long periods. Users need an improved way to make sure their data is managed properly, giving them the ability to control and enforce detailed, restricted access to their data, in line with the policies set by the service provider. This work addresses these issues by providing a secure semi‐automated GDPR compliance service for both users and service providers using smart contracts and attribute‐based encryption with accountability. Privacy policies will be automatically checked for compliance before a service commences. Users can then upload their personal data with restrictive access controls extracted from the approved privacy policy. Operations' logs on the personal data during its full lifecycle will be immutably recorded and regularly checked for compliance to ensure the privacy policy is adhered to at all times. Evaluation results, using a real‐world organization policy and example logs, show that the proposed service achieves these goals with low time overhead and high throughput. [ABSTRACT FROM AUTHOR]
- Published
- 2024
41. Designing efficient patient‐centric smart contracts for healthcare ecosystems with access control capabilities.
- Author
-
Kalita, Kausthav Pratim, Boro, Debojit, and Kumar Bhattacharyya, Dhruba
- Subjects
ACCESS control ,ELECTRONIC health records ,SMART structures ,ACCESS to information ,ELECTRONIC paper - Abstract
Electronic medical records are a patient's digital asset that enhances the information available to doctors for tracking their patients' health. When this information is stored in a secure environment, health examination reports can serve as a dependable repository for thorough observation of a patient's well‐being. However, it is crucial for the owner to have control over access to these repositories. In this scenario, a blockchain ecosystem with appropriate access control mechanisms can help create a distributed and decentralized storage platform to ensure the safety and security of data. Developing cost‐effective smart contracts and creating clear design diagrams to represent them are essential for establishing such an ecosystem. This paper introduces a smart contract for the Ethereum blockchain that allows an owner to maintain control over their data. The paper presents a diagram for visually representing the modules within our smart contract, providing readers with a clearer understanding of the access control techniques utilized in implementing our strategies. Our smart contract offers clinicians a valuable means of accessing historical data to promptly evaluate a patient's health in emergency situations. We showcase its efficacy by illustrating how it streamlines insurance claims, where it verifies the patient's coverage and automatically authorizes medical expense payments. Lastly, a study is presented to showcase an effective method of storing the ingested data within the Ethereum network. The suggested approach allows restrictions on data visibility based on the viewer's accessibility through identity‐based access control achieved using additional structures in smart contracts. These structures store filtered records accessible to users based on their viewing privileges. 
The simulated test bed results support the efficiency of using smart contracts with additional structures in terms of gas consumption when compared to those that use a single structure for read and write operations. [ABSTRACT FROM AUTHOR]
- Published
- 2024
42. An Efficient Pairing-Free Ciphertext-Policy Attribute-Based Encryption Scheme for Internet of Things.
- Author
-
Guo, Chong, Gong, Bei, Waqas, Muhammad, Alasmary, Hisham, Tu, Shanshan, and Chen, Sheng
- Subjects
INTERNET access control ,ELLIPTIC curves ,DATA security ,INTERNET of things ,CRYPTOGRAPHY - Abstract
The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT's security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes. [ABSTRACT FROM AUTHOR]
- Published
- 2024
43. Research on Network Security Protection Technology Based on P2AEDR in New Low-Voltage Control Scenarios for Power IoT and Other Blockchain-Based IoT Architectures.
- Author
-
Miao, Weiwei, Zhao, Xinjian, Li, Nianzhe, Zhang, Song, Li, Qianmu, and Li, Xiaochao
- Subjects
COMPUTER network security ,ACCESS control ,ELECTRIC power distribution grids ,TRUST ,INTERNET of things ,DEEP learning - Abstract
In the construction of new power systems, the traditional network security protection mainly based on boundary protection belongs to static defense and still relies mainly on manual processing in vulnerability repair, threat response, etc. It is difficult to adapt to the security protection needs in large-scale distributed new energy, third-party aggregation platforms, and flexible interaction scenarios with power grid enterprise systems. It is necessary to conduct research on dynamic security protection models for IoT and other Blockchain-based IoT architectures. This article proposes a network security comprehensive protection model P2AEDR based on different interaction modes of cloud–edge interaction and cloud–cloud interaction. Through continuous trust evaluation, dynamic access control, and other technologies, it strengthens the internal defense capabilities of power grid business, shifting from static protection as the core mode to a real-time intelligent perception and automated response mode, and ultimately achieving the goal of dynamic defense, meeting the security protection needs of large-scale controlled terminal access and third-party aggregation platforms. Meanwhile, this article proposes a dynamic trust evaluation algorithm based on deep learning, which protects the secure access and use of various resources in a more refined learning approach based on the interaction information monitored in the system. Through experimental verification of the dynamic trust evaluation algorithm, it is shown that the proposed model has good trust evaluation performance. Therefore, this research is beneficial for trustworthy Power IoT and other Blockchain-based IoT architectures. [ABSTRACT FROM AUTHOR]
- Published
- 2024
44. Unraveling the multiple facilitative effects of consumers on marine primary producers.
- Author
- Bracken, Matthew E. S., Bernatchez, Genevieve, Badten, Alexander J., and Chatfield, Rachel A.
- Subjects
- ECOLOGICAL integrity, ECOSYSTEMS, CONSUMERS, ACCESS control, BIOMASS
- Abstract
The loss of consumers threatens the integrity of ecological systems, but the mechanisms underlying the effects on communities and ecosystems remain difficult to predict. This is, in part, due to the complex roles that consumers play in those systems. Here, we highlight this complexity by quantifying two mechanisms by which molluscan grazers—typically thought of as consumers of their algal resources—facilitate algae on rocky shores. Initial observations in high‐zone tide pools revealed that both water‐column ammonium concentrations and photosynthetic biomass were higher in pools containing higher densities of grazers, suggesting that local‐scale nutrient recycling by the grazers could be enhancing algal biomass. We assessed this possibility by experimentally manipulating grazer abundances at the level of whole tide pools but controlling access of those grazers to experimental plots within each pool. Contrary to predictions that algal biomass inside grazer exclusions would increase as grazer abundances in the pools increased, we found that algal biomass inside grazer‐exclusion fences was unaffected by grazer abundances. Instead, the consumptive effects of grazers that were evident at low grazer abundances transitioned to facilitative effects as experimentally manipulated grazer abundances increased. This finding suggested that these positive interactions were associated with the physical presence of grazers and not just grazers' effects on nutrient availability. Subsequent experiments highlighted the potential role of "slime"—the pedal mucous trails left behind as the mollusks crawl on the substratum—in promoting the recruitment of algae and thereby mediating a spatial subsidy of new organic matter into the system. Furthermore, different grazer groups contributed disproportionately to ammonium excretion (i.e., turban snails) versus slime production (i.e., littorine snails), suggesting a potential role for grazer diversity. 
Our work highlights the complex ways in which consumers affect their resources, including multiple, complementary mechanisms by which these grazers facilitate the algae they consume. [ABSTRACT FROM AUTHOR]
- Published
- 2024
45. Business process discovery as a service with event log privacy and access control over discovered models.
- Author
- de la Fuente-Anaya, Hector A., Marin-Castro, Heidy M., Morales-Sandoval, Miguel, and Garcia-Hernandez, Jose Juan
- Subjects
- DATA protection laws, PROCESS mining, DATA logging, SOFTWARE development tools, INFORMATION storage & retrieval systems, ACCESS control
- Abstract
The information systems supporting business processes of organizations generate and collect a large number of records in event logs that are exploitable in process mining tasks (discovery, conformance and enhancement). Under a Big Data scenario, Process Mining as a Service (PMaaS) can be attractive for organizations to outsource the storage of event logs and the processing resources for process mining tasks to the cloud in the presence of large event logs. However, the Cloud Service Provider (CSP) may be honest but curious, thus posing security and privacy risks when event log data are sensitive or subject to data privacy laws and regulations. In this work, a cryptography-based method is presented that preserves the privacy of event log data outsourced to an untrusted CSP, which executes the process discovery task, the most common task in process mining. The method conveniently encrypts the event log on the data owner's side to enable the CSP to apply access control over the discovered models (encrypted) through proxy re-encryption. The proposed method is implemented as a software tool and validated and evaluated in terms of performance, scalability, and data utility using real medical (sensitive) data logs under recommended security levels. The results demonstrate the feasibility of the proposed approach to support Process Discovery as a Service (PDaaS), which enables privacy preservation and access control. [ABSTRACT FROM AUTHOR]
- Published
- 2024
46. Harnessing the amber waves: U.S. grain embargoes against the Soviet Union and the politics of insecurity, 1975–1980.
- Author
- Evans, David L.
- Subjects
- ECONOMIC sanctions, INTERNATIONAL relations, EMBARGO, POWER resources, ACCESS control
- Abstract
This article examines two grain embargoes the United States implemented against the Soviet Union in 1975 and 1980. Following the economic and political disruptions of the 1970s, and the insecurity these events created for the country, US leaders envisioned grain as a resource power. By controlling access to these commodities, the United States could influence the behaviour of other countries and help restore confidence in its foreign policy. Both embargoes failed to achieve these goals and instead demonstrated the limits of economic coercion in a market system and how domestic politics could impact diplomacy through the reaction of US farmers. [ABSTRACT FROM AUTHOR]
- Published
- 2024
47. Video security in logistics monitoring systems: a blockchain based secure storage and access control scheme.
- Author
- Chen, Zigang, Liu, Fan, Li, Danlong, Liu, Yuhong, Yang, Xingchun, and Zhu, Haihua
- Subjects
- FORENSIC sciences, DATA security failures, DATA warehousing, STORAGE facilities, DATA transmission systems, VIDEO surveillance, ACCESS control
- Abstract
With the rapid development of the logistics industry and the continuous growth of e-commerce, effectively monitoring logistics warehouses has become increasingly important to ensure the security of goods and oversee activities within storage facilities. Although current surveillance systems provide a certain level of security for logistics warehouses, they still face issues such as data tampering, storage, and access management. These challenges can compromise the integrity of surveillance video data, making the system vulnerable to unauthorized access. To address these challenges, this paper proposes the implementation of blockchain-based security management and access control of video data in logistics warehouses. Specifically, the solution employs the Hyperledger Fabric consortium blockchain to execute smart contracts and store the hash values of video data, thereby detecting any tampering and enhancing the security and integrity of the data. Additionally, hybrid encryption technology is utilized to ensure the confidentiality of video data during transmission and storage. Furthermore, the solution leverages the InterPlanetary File System (IPFS) for distributed video storage. This not only increases the redundancy and accessibility of data storage but also reduces the risk of single-point failures. A Role-Based Access Control (RBAC) mechanism is also introduced to strictly manage access permissions to video data, ensuring that only authorized users can access the data, thereby effectively preventing unauthorized access and data breaches. Through a comprehensive analysis of computational and communication costs and the evaluation of blockchain performance at 100 transactions per second for different transaction volumes using Hyperledger Caliper, the results demonstrate the effectiveness and efficiency of the proposed method. 
Compared to current research, this solution exhibits higher security, providing a new approach for the secure management and access control of video data in logistics warehouses. [ABSTRACT FROM AUTHOR]
- Published
- 2024
48. A smart contract-driven access control scheme with integrity checking for electronic health records.
- Author
- Li, Hongzhi, Li, Dun, and Liang, Wei
- Subjects
- ELECTRONIC health records, MEDICAL records, ACCESS control
- Abstract
The application of healthcare systems has led to an explosive growth in personal electronic health records (EHRs). These EHRs are generated from different healthcare institutions and stored in cloud data centers, respectively. However, data owners lose the authority to control and track their private and sensitive EHRs. In fact, data owners cannot establish rules for EHRs exchanging and sharing, nor can they verify the integrity of EHRs stored in semi-trusted clouds. Hence, an individual-centric access control framework is required to realize data access control. In this study, we construct a data access control framework, which integrates decentralized smart contracts and role-based access control (RBAC) to provide fine-grained data access control services. The key ideas of this scheme include: (1) a fine-grained access control framework for EHRs is proposed to achieve trusted access control; (2) a personalized policies definition mechanism is adopted to achieve patient-centric data access control; (3) an integrity checking mechanism for the shared EHRs is implemented to ensure the availability of medical records. Finally, we analyze the security properties of this scheme and develop a prototype system to evaluate its performance. Both theoretical analysis and experiment results demonstrate that this scheme can provide fine-grained access control and efficient integrity checking services for EHRs. [ABSTRACT FROM AUTHOR]
- Published
- 2024
49. Fully outsourced and fully verifiable attribute-based encryption for cloud data sharing.
- Author
- Zhao, Xiaolong and Huang, Zhenjie
- Subjects
- DATA encryption, ACCESS control, INFORMATION sharing, COST
- Abstract
Verifiable outsourced attribute-based encryption (VO-ABE) enables one-to-many data sharing and fine-grained access control under lower trust, making it suitable for cloud or edge systems involving resource-constrained devices. There is no fully outsourced and fully verifiable attribute-based encryption scheme or key-policy VO-ABE scheme. Moreover, the previous VO-ABE schemes require multiple rounds of interaction or high verification costs to support verifiable outsourced key generation and verifiable outsourced encryption. To address these issues, in this paper, we propose an effective key-policy fully outsourced and fully verifiable attribute-based encryption scheme supporting verifiable outsourced key generation, encryption, and decryption simultaneously. We formally define two new properties: outsourced key generation verifiability and outsourced encryption verifiability. Analysis and simulation show that the proposed scheme performs well and is practical. All local computational overheads of the proposed scheme are constant and do not increase with the number of attributes or the complexity of access structures. [ABSTRACT FROM AUTHOR]
- Published
- 2024
50. Securing IoMT Applications: An Approach for Enhancing the Reliability of Security Policies within Cloud Databases.
- Author
- KSIBI, SONDES, JAIDI, FAOUZI, and BOUHOULA, ADEL
- Subjects
- DATABASES, ACCESS control, DATA warehousing, ELECTRONIC data processing, DATA security failures
- Abstract
Applications of the Internet-of-Things (IoT) in healthcare have a great potential since they bring, in a cost-effective manner, supreme solutions to large scale medical-care. The Internet-of-Medical-Things (IoMT) connects patients to caregivers and facilitates remote healthcare capabilities. Regardless of their expansion, especially during the COVID-19 pandemic, IoMT applications encounter critical types of security risks. Many research efforts were conducted to help design reliable E-Health Systems (EHS), but compliance and privacy-preserving solutions for EHS still require a lot of work. To address this requirement, we focus on reliability enhancement of security policies in the context of EHS. We especially deal with risk management within the data processing and storage area, in IoMT systems, composed mainly of cloud/private databases that store confidential medical data. Malicious users and attackers can discover and leak unauthorized data via exploiting authorized information and may expand their rights by using advanced features such as database functional dependencies. In such critical systems, identifying and evaluating risks associated with non-authorized accesses and policy misconfigurations is highly required. We address, in this paper, the analysis and the management of the compliance of concrete security policies based on appropriate risk metrics. Our solution enhances a well-established formal verification and validation approach that allows identifying non-compliance anomalies in concrete policies with a quantified risk-assessment approach for evaluating risks. A case of application is presented as an example to illustrate the relevance of our proposal. [ABSTRACT FROM AUTHOR]
- Published
- 2024
Catalog
Discovery Service for Jio Institute Digital Library