Authentication and Authorization with Privacy, 2015, (Part 2)

 

 

 

Authorization and authentication are cornerstones of computer security. As systems become larger, faster, and more complex, authorization and authentication methods and protocols are proving to have limits and challenges. The research cited here explores new methods and techniques for improving security in cloud environments. This work was presented in 2015.




K. Yang, D. Forte and M. M. Tehranipoor, “Protecting Endpoint Devices in IoT Supply Chain,” Computer-Aided Design (ICCAD), 2015 IEEE/ACM International Conference on, Austin, TX, 2015, pp. 351-356. doi: 10.1109/ICCAD.2015.7372591

Abstract: The Internet of Things (IoT), an emerging global network of uniquely identifiable embedded computing devices within the existing Internet infrastructure, is transforming how we live and work by increasing the connectedness of people and things on a scale that was once unimaginable. In addition to increased communication efficiency between connected objects, the IoT also brings new security and privacy challenges. Comprehensive measures that enable IoT device authentication and secure access control need to be established. Existing hardware, software, and network protection methods, however, are designed against fraction of real security issues and lack the capability to trace the provenance and history information of IoT devices. To mitigate this shortcoming, we propose an RFID-enabled solution that aims at protecting endpoint devices in IoT supply chain. We take advantage of the connection between RFID tag and control chip in an IoT device to enable data transfer from tag memory to centralized database for authentication once deployed. Finally, we evaluate the security of our proposed scheme against various attacks.

Keywords: Internet of Things; authorisation; data privacy; production engineering computing; radiofrequency identification; supply chain management; Internet infrastructure; Internet of things; IoT device authentication; IoT supply chain; RFID tag; RFID-enabled solution; centralized database; communication efficiency; control chip; data transfer; endpoint device protection; privacy challenges; secure access control; security challenges; security issues; uniquely identifiable embedded computing devices; Authentication; Hardware; Internet; Privacy; Radiofrequency identification; Supply chains; Authentication; Endpoint Device; Internet of Things (IoT); Supply Chain Security; Traceability (ID#: 16-9738)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7372591&isnumber=7372533

 

M. Guerar, M. Migliardi, A. Merlo, M. Benmohammed and B. Messabih, “A Completely Automatic Public Physical Test to Tell Computers and Humans Apart: A Way to Enhance Authentication Schemes in Mobile Devices,” High Performance Computing & Simulation (HPCS), 2015 International Conference on, Amsterdam, 2015, pp. 203-210. doi: 10.1109/HPCSim.2015.7237041

Abstract: Nowadays, data security is one of the most - if not the most important aspects in mobile applications, web and information systems in general. On one hand, this is a result of the vital role of mobile and web applications in our daily life. On the other hand, though, the huge, yet accelerating evolution of computers and software has led to more and more sophisticated forms of threats and attacks which jeopardize user's credentials and privacy. Today's computers are capable of automatically performing authentication attempts replaying recorded data. This fact has brought the challenge of access control to a whole new level, and has urged the researchers to develop new mechanisms in order to prevent software from performing automatic authentication attempts. In this research perspective, the Completely Automatic Public Turing test to tell Computers and Humans Apart (CAPTCHA) has been proposed and widely adopted. However, this mechanism consists of a cognitive intelligence test to reinforce traditional authentication against computerized attempts, thus it puts additional strain on the legitimate user too and, quite often, significantly slows the authentication process. In this paper, we introduce a Completely Automatic Public Physical test to tell Computers and Humans Apart (CAPPCHA) as a way to enhance PIN authentication scheme for mobile devices. This test does not introduce any additional cognitive strain on the user as it leverages only his physical nature. We prove that the scheme is even more secure than CAPTCHA and our experiments show that it is fast and easy for users.

Keywords: Turing machines; authorisation; cognition; data privacy; mobile computing; CAPPCHA; CAPTCHA; Completely Automatic Public Physical test to tell Computers and Humans Apart; PIN authentication scheme; Web systems; authentication schemes; cognitive intelligence test; completely automatic public Turing test to tell computers and humans apart; completely automatic public physical test; information systems; mobile applications; mobile devices; user credentials; user privacy; Authentication; CAPTCHAs; Computers; Sensors; Smart phones (ID#: 16-9739)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7237041&isnumber=7237005

 

D. ElMenshawy, “Touchscreen Patterns Based Authentication Approach for Smart Phones,” Science and Information Conference (SAI), 2015, London, 2015, pp. 1311-1315. doi: 10.1109/SAI.2015.7237312

Abstract: Recently, smart phones have been used not only for communication, but also for, storing confidential and business information. As a result, the theft or hacking of a mobile phone can lead to disastrous implications, such as intrusion of privacy and monetary loss. In this paper, the application of different biometric features for authentication in smart phones is presented. Also, the differences between various touchscreen patterns in terms of data capturing and template creation are shown. In the experiments, device orientation and speed are used to present the effectiveness and efficiency of using biometrics for authentication in smart phones. Two applications were implemented to collect the different biometric features. After that, kmeans clustering technique was applied on the collected data and the accuracy was measured. The main conclusion is that biometrics related to touch behavior is feasible to authenticate users.

Keywords: authorisation; biometrics (access control); computer crime; data privacy; message authentication; mobile computing; pattern clustering; smart phones; touch sensitive screens; biometric features; business information storing; confidential information storing; data capturing; device orientation; device speed; hacking; k means clustering technique; mobile phone; monetary loss; privacy intrusion; smart phones; template creation; theft; touchscreen patterns based authentication approach; Accuracy; Authentication; Sensor phenomena and characterization; Smart phones; Authentication; Biometrics; Security; Smart Phones; Touchscreen (ID#: 16-9740)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7237312&isnumber=7237120

 

S. C. Patel, R. S. Singh and S. Jaiswal, “Secure and Privacy Enhanced Authentication Framework for Cloud Computing,” Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, Coimbatore, 2015, pp. 1631-1634. doi: 10.1109/ECS.2015.7124863

Abstract: Cloud computing is a revolution in information technology. The cloud consumer outsources their sensitive data and personal information to cloud provider's servers which is not within the same trusted domain of data-owner so most challenging issues arises in cloud are data security users privacy and access control. In this paper we also have proposed a method to achieve fine grained security with combined approach of PGP and Kerberos in cloud computing. The proposed method provides authentication, confidentiality, integrity, and privacy features to Cloud Service Providers and Cloud Users.

Keywords: authorisation; cloud computing; data integrity; data privacy; outsourcing; personal information systems; sensitivity; trusted computing; Kerberos approach; PGP approach; access control; authentication features; cloud computing; cloud consumer; cloud provider servers; cloud service providers; cloud users; confidentiality features; data security user privacy; data-owner; information technology; integrity features; personal information outsourcing; privacy enhanced authentication framework; privacy features; secure authentication framework; sensitive data outsourcing; Access control; Authentication; Cloud computing; Cryptography; Privacy; Servers; Cloud computing; Kerberos; Pretty Good Privacy; access control; authentication; privacy; security (ID#: 16-9741)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7124863&isnumber=7124722

 

F. Yao, S. Y. Yerima, B. J. Kang and S. Sezer, “Event-Driven Implicit Authentication for Mobile Access Control,” Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on, Cambridge, 2015, pp. 248-255. doi: 10.1109/NGMAST.2015.47

Abstract: In order to protect user privacy on mobile devices, an event-driven implicit authentication scheme is proposed in this paper. Several methods of utilizing the scheme for recognizing legitimate user behavior are investigated. The investigated methods compute an aggregate score and a threshold in real-time to determine the trust level of the current user using real data derived from user interaction with the device. The proposed scheme is designed to: operate completely in the background, require minimal training period, enable high user recognition rate for implicit authentication, and prompt detection of abnormal activity that can be used to trigger explicitly authenticated access control. In this paper, we investigate threshold computation through standard deviation and EWMA (exponentially weighted moving average) based algorithms. The result of extensive experiments on user data collected over a period of several weeks from an Android phone indicates that our proposed approach is feasible and effective for lightweight real-time implicit authentication on mobile smartphones.

Keywords: authorisation; data privacy; human computer interaction; message authentication; mobile computing; mobile radio; moving average processes; telecommunication security; trusted computing; EWMA; abnormal activity detection; aggregate score; event-driven implicit authentication scheme; explicitly authenticated access control; exponentially weighted moving average based algorithms; legitimate user behavior recognition; mobile access control; mobile devices; standard deviation; threshold computation; trust level; user interaction; user privacy protection; user recognition rate; Aggregates; Authentication; Browsers; Context; History; Mobile handsets; Training; behavior-based authentication; implicit authentication (ID#: 16-9742)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7373251&isnumber=7373199

 

D. Goyal and M. B. Krishna, “Secure Framework for Data Access Using Location Based Service in Mobile Cloud Computing,” 2015 Annual IEEE India Conference (INDICON), New Delhi, 2015, pp. 1-6. doi: 10.1109/INDICON.2015.7443761

Abstract: Mobile Cloud Computing (MCC) extends the services of cloud computing with respect to mobility in cloud and user device. MCC offloads the computation and storage to the cloud since the mobile devices are resource constrained with respect to computation, storage and bandwidth. The task can be partitioned to offload different sub-tasks to the cloud and achieve better performance. Security and privacy are the primary factors that enhance the performance of MCC applications. In this paper we present a security framework for data access using Location-based service (LBS) that acts as an additional layer in authentication process. User having valid credentials in location within the organization are enabled as authenticated user.

Keywords: authorisation; cloud computing; data privacy; message authentication; mobile computing; resource allocation; LBS; MCC; data access; data privacy; location based service; mobile cloud computing; security framework; task partitioning; user authentication process; Cloud computing; Mobile communication; Mobile computing; Organizations; Public key; Cloud Computing; Encryption; Geo-encryption; Location-based Service; Mobile Cloud Computing; Security in MCC (ID#: 16-9743)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7443761&isnumber=7443105

 

N. W. Lo, C. K. Yu and C. Y. Hsu, “Intelligent Display Auto-Lock Scheme for Mobile Devices,” Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, Kaohsiung, 2015, pp. 48-54. doi: 10.1109/AsiaJCIS.2015.30

Abstract: In recent years people in modern societies have heavily relied on their own intelligent mobile devices such as smartphones and tablets to get personal services and improve work efficiency. In consequence, quick and simple authentication mechanisms along with energy saving consideration are generally adopted by these smart handheld devices such as screen auto-lock schemes. When a smart device activates its screen lock mode to protect user privacy and data security on this device, its screen auto-lock scheme will be executed at the same time. Device user can setup the length of time period to control when to activate the screen lock mode of a smart device. However, it causes inconvenience for device users when a short time period is set for invoking screen auto-lock. How to get balance between security and convenience for individual users to use their own smart devices has become an interesting issue. In this paper, an intelligent display (screen) auto-lock scheme is proposed for mobile users. It can dynamically adjust the unlock time period setting of an auto-lock scheme based on derived knowledge from past user behaviors.

Keywords: authorisation; data protection; display devices; human factors; mobile computing; smart phones; authentication mechanisms; data security; energy saving; intelligent display auto-lock scheme; intelligent mobile devices; mobile users; personal services; screen auto-lock schemes; smart handheld devices; tablets; unlock time period; user behaviors; user convenience; user privacy protection; user security; work efficiency improvement; Authentication; IEEE 802.11 Standards; Mathematical model; Smart phones; Time-frequency analysis; Android platform; display auto-lock; smartphone (ID#: 16-9744)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153935&isnumber=7153836

 

I. M. Abumuhfouz and K. Lim, “Protecting Vehicular Cloud Against Malicious Nodes Using Zone Authorities,” SoutheastCon 2015, Fort Lauderdale, FL, 2015, pp. 1-2. doi: 10.1109/SECON.2015.7132956

Abstract: Vehicle's resources, sensors and in-vehicle's technologies allow it to collect data about its status, driver, surrounding vehicles, roads, etc. Recently, Vehicular Cloud (VC) has emerged as a promising technology that utilizes vehicle's underutilized devices and their data as a main source of decisions for clients such as intelligent transportation system, automakers, third part applications, business companies and others. However, malicious nodes may take advantages of VC weak protection and present threats to their data, resources and services. We study the problem of the malicious nodes in VC and we propose a secure framework that leverages keys management and revocation mechanisms to protect VC against malicious nodes. The framework uses multiple zone authorities, where each one controls a zone (area) consists of road side units (RSUs), vehicles and the clients at that zone. Each zone authority works as a gateway that authenticates the operations of that zone, controls the services' requested and the data flow, and finally preserves the privacy of the vehicles, the clients and the cloud entities involved. Revocation mechanisms are used to generate revoked lists of malicious vehicles and clients implemented using skip lists. The framework efficiently prevents malicious nodes from using the vehicular cloud in light, secure and efficient way.

Keywords: authorisation; cloud computing; data privacy; VC; in-vehicle technologies; keys management mechanism; malicious nodes protection; revocation mechanism; vehicle devices; vehicle resources; vehicle sensors; vehicular cloud protection; zone authority; Authentication; Cloud computing; Companies; Safety; Sensors; Vehicles; Malicious nodes; Revocation; Security in Vehicular cloud; Skip list; Vehicular cloud (ID#: 16-9745)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7132956&isnumber=7132866

 

B. A. Delail and C. Y. Yeun, “Recent Advances of Smart Glass Application Security and Privacy,” 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, 2015, pp. 65-69. doi: 10.1109/ICITST.2015.7412058

Abstract: The recent developments in technology have led to new emerging wearable devices such as Smart Glasses. Usually, consumer electronics devices are designed for the benefits and functionalities they can provide, and the security aspect is incorporated later. In its core, a Smart Glass is based on components available in modern smartphones. This includes the CPU, Sensors and Operating System. Thus would share similar security threats. This paper identifies security threats and privacy issues of the Smart Glass from two different perspectives, as well as propose preliminary solutions to overcome such risks. This includes, a suggested two-factor authentication for smart glasses based on PIN or Voice combined with an Iris scan. The purpose of this work is to examine the current state-of-the-art of smart glasses applications, and analyse existing and potential security and privacy issues. Therefore, we investigate issues from a system perspective, and the users point of view. In addition, we survey existing solutions for each issue.

Keywords: authorisation; data privacy; operating systems (computers); smart phones; wearable computers; CPU; Iris scan; PIN; consumer electronics devices; operating system; privacy issues; security threats; sensors; smart glass application privacy; smart glass application security; smartphones; two-factor authentication; wearable devices; Authentication; Cameras; Glass; Iris recognition; Privacy; Smart phones; Augmented Reality; Internet of Things; Privacy; Security; Smart Glass; Wearable Technology (ID#: 16-9746)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7412058&isnumber=7412034

 

S. V. Baghel and D. P. Theng, “A Survey for Secure Communication of Cloud Third Party Authenticator,” Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, Coimbatore, 2015, pp. 51-54. doi: 10.1109/ECS.2015.7124959

Abstract: Cloud computing is an information technology where user can remotely store their outsourced data so as enjoy on demand high quality application and services from configurable resources. Using information data exchange, users can be worried from the load of local data storage and protection. Thus, allowing freely available auditability for cloud data storage is more importance so that user gives change to check data integrity through external audit party. In the direction of securely establish efficient third party auditor (TPA), which has next two primary requirements to be met: (1) TPA should able to audit outsourced data without demanding local copy of user outsourced data; (2) TPA process should not bring in new threats towards user data privacy. To achieve these goals this system will provide a solution that uses Kerberos as a Third Party Auditor/ Authenticator, RSA algorithm for secure communication, MD5 algorithm is used to verify data integrity, Data centers is used for storing of data on cloud in effective manner with secured environment and provides Multilevel Security to Database.

Keywords: authorisation; cloud computing; computer centres; data integrity; data protection; outsourcing; public key cryptography; MD5 algorithm; RSA algorithm; TPA; cloud third party authenticator; data centers; data outsourcing; external audit party; information data exchange; information technology; local data protection; local data storage; multilevel security; on demand high quality application; on demand services; secure communication; third party auditor; user data privacy; user outsourced data; Algorithm design and analysis; Authentication; Cloud computing; Heuristic algorithms; Memory; Servers; Cloud Computing; Data center; Multilevel database; Public Auditing; Third Party Auditor (ID#: 16-9747)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7124959&isnumber=7124722

 

V. V. Kumar and A. Murugavel, “Ensuring Consistency File Authentication over Encrypted Files in the Cloud,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, 2015, pp. 1-5. doi: 10.1109/ICIIECS.2015.7192941

Abstract: Cloud security becomes the biggest research issue in the today's world where the cloud stored file content access need to be limited to only the authorized users and also it need to be protected from the cloud servers where the file contents are stored. In the existing method, a protocol is introduced which is based on the Deterministic Finite Automata (DFA) authentication which allows a clients to authenticate the server behaviours whether they are involved in any malicious activities are not. However this lacks from the file update, in which it will be complex to update the file contents which are modified and accessed by the clients concurrently. In this work, the fork consistency approach is integrated with the existing protocol to achieve a consistency property.

Keywords: cloud computing; cryptography; finite automata; user interfaces; DFA authentication; cloud security; deterministic finite automata; encrypted files; file authentication; file content access; user authorization; Cloud computing; Conferences; Encryption; Protocols; Servers; BLS scheme; Data privacy; Deterministic Finite Automaton; fork consistency; paillier encryption (ID#: 16-9748)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7192941&isnumber=7192777

 

Y. Iso and T. Saito, “A Proposal and Implementation of an ID Federation that Conceals a Web Service from an Authentication Server,” 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, Gwangju, 2015, pp. 347-351. doi: 10.1109/AINA.2015.205

Abstract: Recently, it is becoming more common for a website to authenticate its users with an external identity provider by using Open ID Authentication or Security Assertion Markup Language. However, such authentication schemes tell the identity provider where the user is going. Consequently, for instance, an identity provider can track its users and refuse access to services offered by competitors. In this paper, we propose an authentication method whereby an identity provider cannot track users.

Keywords: Web services; XML; authorisation; ID Federation; OpenID authentication; Web service; authentication method; authentication server; identity provider; security assertion markup language; Authentication; Browsers; Cryptography; Privacy; Servers; Uniform resource locators; Federated identity; OpenID; Single Sign-On (ID#: 16-9749)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097990&isnumber=7097928

 

C. Pavlovski, C. Warwar, B. Paskin and G. Chan, “Unified Framework for Multifactor Authentication,” Telecommunications (ICT), 2015 22nd International Conference on, Sydney, NSW, 2015, pp. 209-213. doi: 10.1109/ICT.2015.7124684

Abstract: The progression towards the use of mobile network devices in all facets of personal, business and leisure activity has created new threats to users and challenges to the industry to preserve security and privacy. Whilst mobility provides a means for interacting with others and accessing content in an easy and malleable way, these devices are increasingly being targeted by malicious parties in a variety of attacks. In addition, web technologies and applications are supplying more function and capability that attracts users to social media sites, e-shopping malls, and for managing finances (banking). The primary mechanism for authentication still employs a username and password based approach. This is often extended with additional (multifactor) authentication tools such as one time identifiers, hardware tokens, and biometrics. In this paper we discuss the threats, risks and challenges with user authentication and present the techniques to counter these problems with several patterns and approaches. We then outline a framework for supplying these authentication capabilities to the industry based on a unified authentication hub.

Keywords: Internet; authorisation; mobile computing; Web applications; Web technologies; authentication capabilities; e-shopping malls; finance management; mobile network devices; multifactor authentication tool; password based approach; social media sites; unified authentication hub; user authentication; username based approach; Authentication; Banking; Biometrics (access control); Business; Mobile communication; Mobile handsets; mobile networks; multifactor authentication; security; unified threat management (ID#: 16-9750)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7124684&isnumber=7124639

 

X. Li, Z. Zheng and X. Zhang, “A Secure Authentication and Key Agreement Protocol for Telecare Medicine Information System,” Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on, Cambridge, 2015, pp. 275-281. doi: 10.1109/NGMAST.2015.75

Abstract: Telecare Medicine Information System enables patients to get healthcare services at home expediently and efficiently. Authentication and key agreement protocol suited for TMIS protect patient's privacy via the unsecure network. Recently, numerous protocols have been proposed intend to safeguard the communication between patients and server. However, most of them have high computation overhead and security problems. In this paper, we aim to propose a secure and effective authentication and key agreement protocol using smartcard and password for TMIS. The protocol is based on elliptic curve cryptography. Through security analysis we illustrate that our protocol is secure to resist some known attacks and provide user anonymity. Furthermore, by comparing with other related protocols we show our protocol is superior in security and performance aspects.

Keywords: authorisation; cryptographic protocols; data privacy; health care; medical information systems; public key cryptography; telemedicine; Telecare Medicine Information System; elliptic curve cryptography; healthcare services; key agreement protocol; password; patient privacy protection; secure authentication; security analysis; smartcard; Authentication; Elliptic curve cryptography; Elliptic curves; Medical services; Protocols; Servers; authentication; elliptic curve cryptography; key agreement; smartcard (ID#: 16-9751)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7373255&isnumber=7373199

 

S. Senthilkumar, M. Viswanatham and M. Vinothini, “HS-TBAC a Highly Secured Token Based Access Control for Outsourced Data in Cloud,” International Conference on Innovation Information in Computing Technologies, Chennai, 2015, pp. 1-3. doi: 10.1109/ICIICT.2015.7396082

Abstract: Cloud computing is recently developed internet based computing paradigm where ranges of services such as data storage, applications deployment, servers, etc. are delivered over the internet. On the basis of response, cloud allocates the services through internet. The important feature of quality of service in cloud computing is secured way of protecting information over internet. The cloud service provider (CSP) should afford security for the data stored and applications developed over the cloud in terms of Privacy and Access Control. In this paper, we offer an enhanced framework with the advent of Token Generation (TG), Mutual Authentication and Cryptography. We include a secured authentication mechanism among consumer and Registration Authority (RA) in our scheme. Secondly a Token Generator (TG) is utilized for issuing tokens to the consumer for accessing their resources from the cloud depends upon their access privileges.

Keywords: authorisation; cloud computing; cryptography; CSP; HS-TBAC scheme; RA; access control; cloud service provider; cryptography; data privacy; data security; highly secured token based access control; information protection; mutual authentication; quality of service; registration authority; secured authentication mechanism; token generation; Access control; Authentication; Cloud computing; Cryptography; Generators; Servers; Cloud Service Provider; Cryptography; Mutual authentication; Registered Authority (RA); Token Generator (TG) (ID#: 16-9752)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7396082&isnumber=7396045

 

A. Skarmeta, J. L. Hernández-Ramos and J. Bernal Bernabe, “A Required Security and Privacy Framework for Smart Objects,” ITU Kaleidoscope: Trust in the Information Society (K-2015), 2015, Barcelona, 2015, pp. 1-7. doi: 10.1109/Kaleidoscope.2015.7383648

Abstract: The large scale deployment of the Internet of Things (IoT) increases the urgency to adequately address trust, security and privacy issues. We need to see the IoT as a collection of smart and interoperable objects that are part of our personal environment. These objects may be shared among or borrowed from users. In general, they will have only temporal associations with their users and their personal identities. These temporary associations need to be considered while at the same time taking into account security and privacy aspects. In this work, we discuss a selection of current activities being carried out by different standardization bodies for the development of suitable technologies to be deployed in IoT environments. Based on such technologies, we propose an integrated design to manage security and privacy concerns through the lifecycle of smart objects. The presented approach is framed within our ARM-compliant security framework, which is intended to promote the design and development of secure and privacy-aware IoT-enabled services.

Keywords: Internet of Things; data privacy; trusted computing; ARM-compliant security framework; IoT; architectural reference model; privacy framework; smart object; trust issue; Authentication; Authorization; Biological system modeling; Ecosystems; Object recognition; Privacy; Security; Trust (ID#: 16-9753)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7383648&isnumber=7383613

 

K. S. Sang and B. Zhou, “BPMN Security Extensions for Healthcare Process,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 2340-2345. doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.346

Abstract: The modelling of healthcare process is inherently complicated due to its multi-disciplinary character. Business Process Model and Notation (BPMN) has been considered and applied to model and demonstrate the flexibility and variability of the activities that involved in healthcare process. However, with the growing usage of digital information and IoT technology in the healthcare system, the issue of information security and privacy becomes the main concern in term of both store and management of electronic health record (EHR). Therefore, it is very important to capture the security requirements at conceptual level in order to identify the security needs in the first place. BPMN is lacking of the ability to model and present security concepts such as confidentiality, integrity, and availability in a suitable way. This will increase the vulnerability of the system and make the future development of security for the system more difficult. In this paper we provide a solution to model the security concepts in BPMN by extending it with new designed security elements, which can be integrated with the BPMN diagram smoothly.

Keywords: business data processing; data integrity; data privacy; electronic health records; health care; security of data; BPMN diagram; BPMN security extensions; EHR data management; EHR data storage; IoT technology; business process model and notation; data availability; data confidentiality; digital information; electronic health record; health care process modelling; information privacy; information security; system vulnerability; Authentication; Authorization; Business; Medical services; Standards; BPMN; Healthcare; Internet of Things; Security Requirement (ID#: 16-9754)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363392&isnumber=7362962

 

T. Ignatenko, “Biometrics in Claim-Based Authentication Framework,” 2015 IEEE 16th International Workshop on Signal Processing Advances in Wireless Communications (SPAWC), Stockholm, 2015, pp. 385-389. doi: 10.1109/SPAWC.2015.7227065

Abstract: Nowadays biometric authentication and identification become a part of everyday life. As a result, many services emerge that rely on biometric-based access control. However, from a user point of view, supplying biometric information to many different service providers imposes high privacy and security risks. In this paper we focus on the use of biometrics in a claim-based authentication framework. The framework allows for a limited number of identity providers, thus overcoming the need to supply biometric data to multiple untrustworthy service providers. We argue that in this case we can deploy the information-theoretic framework for privacy-preserving biometric systems for joint authentication and identification studied in Willems and Ignatenko [2010].

Keywords: authorisation; biometrics (access control); data privacy; biometric authentication; biometric identification; biometric information; biometric-based access control; claimed-based authentication framework; identity providers; information-theoretic framework; multiple untrustworthy service; privacy risks; privacy-preserving biometric systems; security risks; service providers; Authentication; Bioinformatics; Biometrics (access control); Databases; Joints; Privacy; Biometric authentication; claim-based authentication; privacy; trust (ID#: 16-9755)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7227065&isnumber=7226983

 

J. L. Fernández-Alemán, A. B. Sánchez García, G. García-Mateos and A. Toval, “Technical Solutions for Mitigating Security Threats Caused by Health Professionals in Clinical Settings,” 2015 37th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC), Milan, 2015, pp. 1389-1392. doi: 10.1109/EMBC.2015.7318628

Abstract: The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

Keywords: authorisation; digital libraries; health care; medical computing; medical information systems; professional aspects; security of data; ACM Digital Library; IEEE Digital Library; Internet; ScienceDirect; e-mail; health information system security threats; health professionals; healthcare organization information systems; healthcare professionals; mitigating security threats; password security; portable storage devices; technical safeguards; Authentication; Cryptography; Information systems; Medical services; Printers; Privacy (ID#: 16-9756)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7318628&isnumber=7318236

 

A. Gholami, J. Dowling and E. Laure, “A Security Framework for Population-Scale Genomics Analysis,” High Performance Computing & Simulation (HPCS), 2015 International Conference on, Amsterdam, 2015, pp. 106-114. doi: 10.1109/HPCSim.2015.7237028

Abstract: Biobanks store genomic material from identifiable individuals. Recently many population-based studies have started sequencing genomic data from biobank samples and cross-linking the genomic data with clinical data, with the goal of discovering new insights into disease and clinical treatments. However, the use of genomic data for research has far-reaching implications for privacy and the relations between individuals and society. In some jurisdictions, primarily in Europe, new laws are being or have been introduced to legislate for the protection of sensitive data relating to individuals, and biobank-specific laws have even been designed to legislate for the handling of genomic data and the clear definition of roles and responsibilities for the owners and processors of genomic data. This paper considers the security questions raised by these developments. We introduce a new threat model that enables the design of cloud-based systems for handling genomic data according to privacy legislation. We also describe the design and implementation of a security framework using our threat model for BiobankCloud, a platform that supports the secure storage and processing of genomic data in cloud computing environments.

Keywords: authorisation; bioinformatics; cloud computing; data protection; legislation; BiobankCloud; Europe; biobank-specific laws; clinical data; clinical treatment; cloud computing environments; cloud-based systems; diseases; genomic data cross-linking; genomic data handling; genomic data processing; genomic data sequencing; genomic material storage; population-scale genomic analysis; privacy legislation; security framework; sensitive data protection; threat model; Authentication; Bioinformatics; Computational modeling; Data privacy; Genomics; Privacy; Access Control; Cloud Computing; Security (ID#: 16-9757)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7237028&isnumber=7237005

 

T. S. Fatayer and K. A. A. Timraz, “MLSCPC: Multi-Level Security Using Covert Channel to Achieve Privacy Through Cloud Computing,” Computer Networks and Information Security (WSCNIS), 2015 World Symposium on, Hammamet, 2015, pp. 1-6. doi: 10.1109/WSCNIS.2015.7368307

Abstract: A cloud provider is central processing with shared resources to serve vendors on demand over the Internet, where the cloud model is divided into deployment and service models. In this paper, we address the service model, especially privacy, where privacy allows customers to ensure that their data in the cloud is not accessed by unauthorized persons. We implement a novel approach called multi-level security using covert channel to achieve privacy through cloud computing (which we call MLSCPC) that enables the cloud provider to protect user information from unauthorized persons. We use a covert channel to enable the cloud provider and customers to communicate in the presence of unauthorized people (e.g. attackers). We have developed a prototype of the approach to evaluate its security, feasibility and performance. Our results show that the cloud provider can grant customers resources in acceptable time and with low computation overhead. Also, attackers do not affect our approach, whereby the cloud provider can grant resources to customers in the presence of attackers.

Keywords: authorisation; cloud computing; data protection; MLSCPC; cloud provider; covert channel; data privacy; deployment model; feasibility evaluation; multilevel security; performance evaluation; security evaluation; service model; unauthorized persons; user information protection; Cloud computing; Computational modeling; Data privacy; Privacy; Security; Authentication; Cloud Computing; Covert Channel; Time; Traffic; privacy; security (ID#: 16-9758)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368307&isnumber=7368275

 

N. Bruce, Y. J. Kang, M. Sain and H. J. Lee, “An Approach to Designing a Network Security-Based Application for Communications Safety,” 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), Paris, 2015, pp. 1002-1009. doi: 10.1145/2808797.2808808

Abstract: The evolution of digital communication includes both applications and devices running them. In this context, specific applications are needed to enhance a safeguard communication ensuring protection and trust services to the users. The growing need to address privacy concerns when social network data is released for mining purposes has recently led to considerable interest in various network security-based applications. In this paper, we develop an efficient and adaptive network security-based application to ensure the privacy and data integrity across channel communications. This approach is designed on a model of clustering configuration of the involved members. The cluster members interact with the cluster leader for data exchange and sends to the base station. This scheme provides a strong mutual authentication framework that is suited to real heterogeneous wireless applications. In addition, we contribute with a mathematical analysis to the delay and optimization analysis in a clustering topology node-based; we also compared the scheme with existing ones using security standards services. Finally, performance of this scheme is evaluated in terms of computation and communication overhead; results show the present framework is efficient and can be a safeguard for network security-based applications.

Keywords: authorisation; computer network security; data mining; data privacy; optimisation; pattern clustering; social networking (online); trusted computing; channel communications; cluster leader; cluster members; clustering topology node; communications safety; data exchange; data integrity; digital communication; heterogeneous wireless applications; mathematical analysis; mining purposes; mutual authentication framework; network security-based application; optimization analysis; privacy concerns; safeguard communication; security standards; social network data; trust services; Authentication; Chlorine; Manganese; Protocols; Servers; Wireless sensor networks; algorithms; applications; mutual authentication; network security; protocols (ID#: 16-9759)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403668&isnumber=7403513

 


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.