Visible to the public Cryptography and Data Security 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Cryptography and Data Security



This collection of articles addresses problems in cryptography and data security related to the Science of Security hard problems of metrics, resilience, composability, and human factors. The work cited here was presented in 2015.

Coulibaly, Y.; Al-Kilany, A.A.I.; Latiff, M.S.A.; Rouskas, G.; Mandala, S.; Razzaque, M.A., “Secure Burst Control Packet Scheme for Optical Burst Switching Networks,” in Broadband and Photonics Conference (IBP), 2015 IEEE International, vol., no.,
pp. 86–91, 23–25 April 2015. doi:10.1109/IBP.2015.7230771
Abstract: Optical networks are the most adequate platform for the transport of ever increasing bandwidth-hungry applications and services (BwGAS). Additionally, these networks cope with the continuous growth of the number of Internet users. Optical Burst Switching (OBS) paradigm is expected to be the backbone infrastructure of near-future all-optical Internet. In OBS, data and control packet known as burst header packet (BHP) are sent out of band (i.e., control packets and data bursts are carried by different channels) and it is sent ahead of the data burst to reserve necessary network resources for the corresponding burst. After the elapse of a predetermined time known as offset time, the data burst is sent with the hope that, the control packet was able to make necessary reservations. Sending the BHP ahead of the burst exposes the burst to different security challenges, particularly data burst redirection and denial of service attacks. If the BHP is compromised the corresponding burst will definitely be compromised. Less efforts have been dedicated to investigate control packet security issues in OBS. In this paper, we propose and evaluate a solution to address Data Burst Redirection (DBR) Attack in OBS networks. The solution is designed based on Rivest-Shamir-Adleman (RSA) public-key encryption algorithm. We evaluated the algorithm via computer simulation. Evaluation metrics are burst loss ratio and throughput. The obtained results demonstrate that, the proposed algorithm has succeeded in protecting the network against DBR attacks reducing the number of compromised BHP. In the future, the authors will work on denial of service issues considering reliability aspects.
Keywords: computer network security; optical burst switching; public key cryptography; telecommunication control; BwGAS; Internet users; Rivest-Shamir-Adleman public-key encryption; backbone infrastructure; bandwidth-hungry applications and services; burst header packet; computer simulation; control packet security; data burst redirection attack; denial of service attacks; optical burst switching networks; secure burst control packet scheme; Computer crime; Optical packet switching; Public key; Receivers; Throughput (ID#: 16-9195)


Dworak, J.; Crouch, A., “A Call to Action: Securing IEEE 1687 and the Need for an IEEE Test Security Standard,” in VLSI Test Symposium (VTS), 2015 IEEE 33rd, vol., no., pp. 1–4, 27–29 April 2015. doi:10.1109/VTS.2015.7116256
Abstract: Today’s chips often contain a wealth of embedded instruments, including sensors, hardware monitors, built-in self-test (BIST) engines, etc. They may process sensitive data that requires encryption or obfuscation and may contain encryption keys and ChipIDs. Unfortunately, unauthorized access to internal registers or instruments through test and debug circuitry can turn design for testability (DFT) logic into a backdoor for data theft, reverse engineering, counterfeiting, and denial-of-service attacks. A compromised chip also poses a security threat to any board or system that includes that chip, and boards have their own security issues. We will provide an overview of some chip and board security concerns as they relate to DFT hardware and will briefly review several ways in which the new IEEE 1687 standard can be made more secure. We will then discuss the need for an IEEE Security Standard that can provide solutions and metrics for providing appropriate security matched to the needs of a real world environment.
Keywords: built-in self test; cryptography; design for testability; reverse engineering; BIST; ChipID; DFT hardware; DFT logic; IEEE 1687; IEEE test security standard; built-in self-test; data theft; denial-of-service attacks; design for testability; embedded instruments; encryption keys; hardware monitors; internal registers; Encryption; Instruments; Microprogramming; Ports (Computers); Registers; Standards; DFT; IEEE Standard; IJTAG; JTAG; LSIB; P1687; lock; scan; security; trap (ID#: 16-9196)


Banerjee, P.; Chatterjee, T.; DasBit, S., “LoENA: Low-Overhead Encryption Based Node Authentication in WSN,” in Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, vol., no., pp. 2126–2132, 10–13 Aug. 2015. doi:10.1109/ICACCI.2015.7275931
Abstract: Nodes in a wireless sensor network (WSN) are susceptible to various attacks primarily due to their nature of deployment and unguarded communication. Therefore, providing security in such networks is of utmost importance. The main challenge to achieve this is to make the security solution light weight so that it is feasible to implement in such resource constrained nodes in WSN. So far, data authentication has drawn more attention than the node authentication in WSN. A robust security solution for such networks must also facilitate node authentication. In this paper, a low overhead encryption based security solution is proposed for node authentication. The proposed node authentication scheme at the sender side consists of three modules viz. dynamic key generation, encryption and embedding of key hint. Performance of the scheme is primarily analyzed by using two suitably chosen parameters such as cracking probability and cracking time. This evaluation guides us in fixing the size of the unique id of a node so that the scheme incurs low-overhead as well as achieves acceptable robustness. The performance is also compared with a couple of recent works in terms of computation and communication overheads and that confirms our scheme’s supremacy over competing schemes in terms of both the metrics.
Keywords: cryptography; probability; wireless sensor networks; LoENA; WSN; cracking probability; cracking time; data authentication; low-overhead encryption based node authentication; wireless sensor network; Authentication; Encryption; Heuristic algorithms; Receivers; Wireless sensor networks; Wireless sensor network; authentication; encryption; sybil attack; tampering
(ID#: 16-9197)


Salve, V.B.; Ragha, L.; Marathe, N., “AODV Based Secure Routing Algorithm Against Sinkhole Attack in Wirelesses Sensor Networks,” in Electrical, Computer and Communication Technologies (ICECCT), 2015 IEEE International Conference on, vol., no., pp. 1–7, 5–7 March 2015. doi:10.1109/ICECCT.2015.7226170
Abstract: Wireless sensor Networks consist of small nodes with sensing, computation and wireless communication wireless capabilities. These Networks are used in many applications in military, ecological, and health-related areas. These applications often include the monitoring of sensitive information therefore security is important in WSNs. Routing attacks can have devastating effect on wireless Sensor Network and present a major challenge when designing security mechanisms. Sinkhole attack is the most destructive routing attack for these networks, it enable many other attack. In this type of attack sinkhole node tries to attract data to itself by convincing neighbors through broadcasting fake routing information. This paper present an AODV based secure routing algorithm based on mobile agent for detecting the malicious node in sinkhole attack. The algorithm detects sinkhole node by finding the difference of nodes sequence numbers using threshold value. It also shows performance evaluation of AODV with the enhanced secure routing algorithm and existing secure routing algorithm through simulations, which confirmed the effectiveness and accuracy of the algorithm by considering performance metrics as Throughput, PDR and Packet loss. Simulation is carried out using simulator NS2.
Keywords: routing protocols; telecommunication security; wireless sensor networks; AODV based secure routing algorithm; NS2 simulator; destructive routing attack; fake routing information; malicious node detection; mobile agent; packet loss; performance evaluation; performance metrics; security mechanisms;  Cryptography; Mobile agents; Routing; Wireless sensor networks; AODV; Mobile Agent; Sinkhole Attack; Threshold Value; Wireless sensor Networks (ID#: 16-9198)


Ennahbaoui, M.; Idrissi, H.; El Hajji, S., “Secure and Flexible Grid Computing Based Intrusion Detection System Using Mobile Agents and Cryptographic Traces,” in Innovations in Information Technology (IIT), 2015 11th International Conference on, vol., no., pp. 314–319, 1–3 Nov. 2015. doi:10.1109/INNOVATIONS.2015.7381560
Abstract: Grid Computing is one of the new and innovative information technologies that attempt to make resources sharing global and more easier. Integrated in networked areas, the resources and services in grid are dynamic, heterogeneous and they belong to multiple spaced domains, which effectively enables a large scale collection, sharing and diffusion of data. However, grid computing stills a new paradigm that raises many security issues and conflicts in the computing infrastructures where it is integrated. In this paper, we propose an intrusion detection system (IDS) based on the autonomy, intelligence and independence of mobile agents to record the behaviors and actions on the grid resource nodes to detect malicious intruders. This is achieved through the use of cryptographic traces associated with chaining mechanism to elaborate hashed black statements of the executed agent code, which are then compared to depict intrusions. We have conducted experiments basing three metrics: network load, response time and detection ability to evaluate the effectiveness of our proposed IDS.
Keywords: cryptography; grid computing; mobile agents; IDS; chaining mechanism; cryptographic traces; data collection; data diffusion; data sharing; detection ability metric; intrusion detection system; mobile agents; network load metric; resources sharing; response time metric; security issues; Computer architecture; Cryptography; Grid computing; Intrusion detection; Mobile agents; Monitoring (ID#: 16-9199)


Jain, M.; Lenka, S.K., “Secret Data Transmission Using Vital Image Steganography over Transposition Cipher,” in Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, vol., no., pp. 1026–1029, 8–10 Oct. 2015. doi:10.1109/ICGCIoT.2015.7380614
Abstract: The idea behind this paper describes a modality about secret interface over the globalization of the communication over the world. To accomplish this phenomenon, two varieties of security mechanism, cryptography and steganography is being applied. At the former stage, encryption is being provided to secret plain text using Vernam cipher (One-Time Pad) transposition technique, since Vernam cipher show good performance metrics in terms of less CPU running time, file size same after encryption and strong avalanche effect compare with all transposition cipher. And at the later stage, it transform cipher text into bytes and divides each byte into pairs of bits and assigns the decimal values to each pairs, which is known as master variable, master variable value range will be vary between 0 to 3. Depending upon the master patchy value, add that cipher text in the career image at Least Significant Bit (LSB) 6th and 7th bit location or 7th and 8th bit location or 7th and 6th or 8th and 7th bit location. Which shows the embedding location dynamicity of the algorithm depends upon dynamically changed master variable value. After completion of embedding and sending the stego image to the receiver side, retrieving process of the cipher text from the said locations will be done. And then decryption process to get the secret plain text back will be performed using the Vernam cipher transposition algorithms. In this we provide robust image steganography. Performance analysis observed using MSE and PSNR value.
Keywords: cryptography; image coding; mean square error methods; steganography; LSB; MSE; PSNR; Vernam cipher transposition algorithms; cipher text; image steganography; least significant bit; secret data transmission; secret plain text; security mechanism; stego image; Ciphers; Heuristic algorithms; MATLAB; Payloads; Performance analysis; Yttrium; Vernam cipher; decryption; embedding; encryption (ID#: 16-9200)


Kalaivani, K.; Anjalipriya, V.; Sivakumar, R.; Srimeena, R., “An Efficient Bio-Key Management Scheme for Telemedicine Applications,” in Technological Innovation in ICT for Agriculture and Rural Development (TIAR), 2015 IEEE, vol., no.,
pp. 122–126, 10–12 July 2015. doi:10.1109/TIAR.2015.7358543
Abstract: Medical sensor networks play a vital role for real-time health care monitoring of telemedicine based applications. Telemedicine provide specialized healthcare consultation to patients in remote locations. We use electronic information and communication technologies to provide and support healthcare when the distance separate the participants. In order to ensure the privacy and security of patient’s critical health information, it is essential to provide efficient cryptography scheme. This paper presents a novel Mamdani based Bio-Key Management (MBKM) technique, which assures real time health care monitoring without any overhead. We present the simulation results to show that the proposed MBKM scheme can achieve greater security in terms of performance metrics such as False Match Rate (FMR), False Non Match Rate (FNMR), and Genuine Acceptance Rate (GAR) than other recent existing approaches.
Keywords: biomedical telemetry; body sensor networks; cryptography; data privacy; electrocardiography; electromyography; health care; medical computing; patient monitoring; telemedicine; FMR; FNMR; GAR; MBKM; Mamdani based biokey management technique; communication technologies; cryptography scheme; electronic information; false match rate; false nonmatch rate; genuine acceptance rate; medical sensor networks; patient critical health information privacy; patient critical health information security; performance metrics; real time health care monitoring; real-time health care monitoring; remote locations; specialized healthcare consultation; telemedicine based applications; Electrocardiography; Magnetic resonance; Medical services; Security; Telemedicine; Yttrium; Healthcare; Key Management; Medical sensor networks; security (ID#: 16-9201)


Baokang Zhao; Ziling Wei; Bo Liu; Jinshu Su; Ilsun You, “Providing Adaptive Quality of Security in Quantum Networks,” in Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE), 2015 11th International Conference on, vol., no., pp. 440–445, 19–20 Aug. 2015. doi: (not provided)
Abstract: Recently, several Quantum Key Distribution (QKD) networks, such as Tokyo QKD, SECOQC, have been built to evaluate the quantum based OTP (One Time Pad) secure communication. As an ideal unconditional secure technique, OTP requires the key rate the same as the information rate. However, comparing with high speed information traffic (Gbps), the key generation rate of QKD is very poor (Kbps). Therefore, in practical QKD networks, it is difficult to support numerous applications and multiple users simultaneously. To address this issue, we argue that it is more practical to provide quality of security instead of OTP in quantum networks. We further propose ASM, an Adaptive Security Selection Mechanism for quantum networks based on the Analytic Hierarchy Process (AHP). In ASM, services can select an appropriate encryption algorithm that satisfies the proper security level and performance metrics under the limit of the key generation rate. We also implement ASM under our RT-QKD platform, and evaluate its performance. Experimental results demonstrate that ASM can select the optimal algorithm to meet the requirement of security and performance under an acceptable cost.
Keywords: analytic hierarchy process; data privacy; quantum cryptography; telecommunication security; telecommunication traffic; AHP; ASM; OTP; RT-QKD platform; SECOQC; Tokyo; adaptive security selection mechanism; one time pad; quantum key distribution network; secure communication; Algorithm design and analysis; Analytic hierarchy process; Encryption; Information rates; Quantum computing; Real-time systems; Analytic Hierarchy Process; Quality of security; Quantum Key Distribution
(ID#: 16-9202)


Dang Hai Van; Nguyen Dinh Thuc, “A Privacy Preserving Message Authentication Code,” in IT Convergence and Security (ICITCS), 2015 5th International Conference on, vol., no., pp. 1–4, 24–27 Aug. 2015. doi:10.1109/ICITCS.2015.7292927
Abstract: In this paper, we propose a new message authentication code which can preserve privacy of data. The proposed mechanism supports to verify data integrity from only partly information of the original data. In addition, it is proved to be chosen-message-attack secure and privacy-preserving. We also conduct an experiment to compare its computation cost with a hash message authentication code.
Keywords: cryptography; data integrity; data privacy; message authentication; hash message authentication code; privacy of data; privacy preserving message authentication code; Cryptography; Data privacy; Memory; Message authentication; Privacy; Servers (ID#: 16-9203)


Backes, M.; Barbosa, M.; Fiore, D.; Reischuk, R.M., “ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data,” in Security and Privacy (SP), 2015 IEEE Symposium on, vol., no., pp. 271–286, 17–21 May 2015. doi:10.1109/SP.2015.24
Abstract: We study the problem of privacy-preserving proofs on authenticated data, where a party receives data from a trusted source and is requested to prove computations over the data to third parties in a correct and private way, i.e., The third party learns no information on the data but is still assured that the claimed proof is valid. Our work particularly focuses on the challenging requirement that the third party should be able to verify the validity with respect to the specific data authenticated by the source — even without having access to that source. This problem is motivated by various scenarios emerging from several application areas such as wearable computing, smart metering, or general business-to-business interactions. Furthermore, these applications also demand any meaningful solution to satisfy additional properties related to usability and scalability. In this paper, we formalize the above three-party model, discuss concrete application scenarios, and then we design, build, and evaluate ADSNARK, a nearly practical system for proving arbitrary computations over authenticated data in a privacy-preserving manner. ADSNARK improves significantly over state-of-the-art solutions for this model. For instance, compared to corresponding solutions based on Pinocchio (Oakland’13), ADSNARK achieves up to 25x improvement in proof-computation time and a 20x reduction in prover storage space.
Keywords: computational complexity; cryptography; data privacy; message authentication; trusted computing; ADSNARK; authenticated data; general business-to-business interactions; privacy-preserving proofs; proof-computation time; prover storage space; scalability; smart metering; third party; three-party model; trusted source; usability; wearable computing; Computational modeling; Cryptography; Data privacy; Logic gates; Polynomials; Wires; authentication; privacy (ID#: 16-9204)


Alshinina, R.; Elleithy, K., “An Efficient Message Authentication and Source Privacy with a Hidden Generator Point Based on ECC,” in Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long Island, vol., no., pp. 1–6, 1–1 May 2015. doi:10.1109/LISAT.2015.7160220
Abstract: Wireless Sensor Networks have been widely used by researchers in different personal and organizational applications. Recently, WSN has become the major focus of researchers to establish a secure network against malicious node. The security of WSN can be subjected to threats by attackers. In order to limit these threats on WSNs, Elliptic Curve Cryptography (ECC) introduces great features such as smaller key size, less parameters, and higher intensity compared with RSA and public key algorithms. In this paper, we proposed an ECC based approach using a unique authentication message and source privacy through a hidden generator point. This scheme contains the initialization phase, registration phase, and authentication phase. These phases were introduced to develop an efficient algorithm, decrease the overhead, and increase the authentication between nodes. The scheme allows many nodes to transfer unlimited messages without any imposed threshold and guarantee the message source privacy.
Keywords: data privacy; message authentication; public key cryptography; wireless sensor networks; ECC; WSN security; authentication phase; elliptic curve cryptography; hidden generator point; initialization phase; malicious node; message source privacy; registration phase; secure network; unique authentication message; wireless sensor networks; Authentication; Elliptic curve cryptography; Generators; Protocols; Receivers; Wireless sensor networks; Anonymous Message. Hidden Generator Point; Authentication; Elliptic curve (EC); Initialization; Registration; Secure Privacy; Shared Secret key; Wireless Sensor Network (WSN) (ID#: 16-9205)


Yunpeng Xiao; Yaru Zhang, “Secure Top-K Query Scheme in Wireless Sensor Networks,” in Software Engineering and Service Science (ICSESS), 2015 6th IEEE International Conference on, vol., no., pp. 516–519, 23–25 Sept. 2015. doi:10.1109/ICSESS.2015.7339110
Abstract: Data privacy preserving in wireless sensor network has attracted more and more attentions. This paper proposes a secure top-k query scheme in wireless sensor networks (STQ). STQ uses symmetric encryption to preserve data privacy. To verify completeness of query result, STQ uses the improved hashed message authentication coding function to create a chaining relationship by binding ordered adjacent data. Theoretical analysis and simulation results confirm the security and efficiency of STQ.
Keywords: cryptography; data privacy; query processing; wireless sensor networks; STQ; data privacy; improved hashed message authentication coding function; secure top-k query scheme; symmetric encryption; wireless sensor networks; Top-k query; Wireless sensor networks; data privacy preserving; improved hashed message authentication coding (ID#: 16-9206)


Surv, N.; Wanve, B.; Kamble, R.; Patil, S.; Katti, J., “Framework for Client Side AES Encryption Technique in Cloud Computing,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 525–528, 12–13 June 2015. doi:10.1109/IADCC.2015.7154763
Abstract: Now a days, cloud computing is most popular network in world. Cloud computing provides resource sharing and online data storage for the end users. In existed cloud computing systems there are many security issues. So, security becomes essential part for the data which is stored on cloud. To solve this problem we have proposed this paper. This paper presents client side AES encryption and decryption technique using secret key. AES encryption and decryption is high secured and fastest technique. Client side encryption is an effective approach to provide security to transmitting data and stored data. This paper proposed user authentication to secure data of encryption algorithm with in cloud computing. Cloud computing allows users to use browser without application installation and access their data at any computer using browser. This infrastructure guaranteed to secure the information in cloud server.
Keywords: cloud computing; message authentication; private key cryptography; resource allocation; storage management; client side AES decryption; client side AES encryption technique; cloud computing systems; cloud server; online data storage; resource sharing; secret key; security issues; user authentication; Ciphers; Cloud computing; Data privacy; Databases; Encryption; AES Algorithm; Cloud Computing; Cloud Security; Cryptography (ID#: 16-9207)


Thomas, M.; Panchami, V., “An Encryption Protocol for End-to-End Secure Transmission of SMS,” in Circuit, Power and Computing Technologies (ICCPCT), 2015 International Conference on, vol., no., pp. 1–6, 19–20 March 2015. doi:10.1109/ICCPCT.2015.7159471
Abstract: Short Message Service (SMS) is a process of transmission of short messages over the network. SMS is used in daily life applications including mobile commerce, mobile banking, and so on. It is a robust communication channel to transmit information. SMS pursue a store and forward way of transmitting messages. The private information like passwords, account number, passport number, and license number are also send through message. The traditional messaging service does not provide security to the message since the information contained in the SMS transmits as plain text from one mobile phone to other. This paper explains an efficient encryption protocol for securely transmitting the confidential SMS from one mobile user to other which serves the cryptographic goals like confidentiality, authentication and integrity to the messages. The Blowfish encryption algorithm gives confidentiality to the message, the EasySMS protocol is used to gain authentication and MD5 hashing algorithm helps to achieve integrity of the messages. Blowfish algorithm utilizes only less battery power when compared to other encryption algorithms. The protocol prevents various attacks, including SMS disclosure, replay attack, man-in-the middle attack and over the air modification.
Keywords: cryptographic protocols; data integrity; data privacy; electronic messaging; message authentication; mobile radio; Blowfish encryption algorithm; SMS disclosure; encryption protocol; end-to-end secure transmission; man-in-the middle attack; message authentication; message confidentiality; message integrity; mobile phone; over the air modification; replay attack; short message service; Authentication; Encryption; Mobile communication; Protocols; Throughput; Asymmetric Encryption; Cryptography; Secure Transmission; Symmetric Encryption (ID#: 16-9208)


Govinda, K.; Prasanna, S., “A Generic Image Cryptography Based on Rubik’s Cube,” in Soft-Computing and Networks Security (ICSNS), 2015 International Conference on, vol., no., pp. 1–4, 25–27 Feb. 2015. doi:10.1109/ICSNS.2015.7292383
Abstract: Security is one of the core areas of study of the IT industry. In this era, where our information represents us, information security is no more a simple non-functional requirement. In order to define and determine security trends and techniques with respect to evolving data that impacts our life every day, Here in this paper we define and design procedures and schemes that provides privacy, security and authenticated data that flows through the network, stored in cloud and the data that is available everywhere all the time serving, homo sapiens by full filling their requirements.
Keywords: cloud computing; cryptography; data privacy; image processing; message authentication; storage management; IT industry; Rubik’s cube; authenticated data; cloud storage; data security; generic image cryptography; information security; nonfunctional requirement; Chaotic communication; Ciphers; Encryption; Signal processing algorithms; Cryptography; Decryption; Encryption; Game of life; Rubik’s Cube (ID#: 16-9209)


Fan Yan; Yang Jian-Wen; Cheng Lin, “Computer Network Security and Technology Research,” in Measuring Technology and Mechatronics Automation (ICMTMA), 2015 Seventh International Conference on, vol., no., pp. 293–296, 13–14 June 2015. doi:10.1109/ICMTMA.2015.77
Abstract: The rapid development of computer network system brings both a great convenience and new security threats for users. Network security problem generally includes network system security and data security. Specifically, it refers to the reliability of network system, confidentiality, integrity and availability of data information in the system. Network security problem exists through all the layers of the computer network, and the network security objective is to maintain the confidentiality, authenticity, integrity, dependability, availability and audit-ability of the network. This paper introduces the network security technologies mainly in detail, including authentication, data encryption technology, firewall technology, intrusion detection system (IDS), antivirus technology and virtual private network (VPN). Network security problem is related to every network user, so we should put a high value upon network security, try to prevent hostile attacks and ensure the network security.
Keywords: computer viruses; cryptography; data integrity; data privacy; firewalls; message authentication; IDS; VPN; antivirus technology; authentication; computer network security; data encryption technology; data information availability; data information confidentiality; data information integrity; data security; firewall technology; hostile attack prevention; intrusion detection system; network system reliability; technology research; virtual private network; Authentication; Communication networks; Encryption; Firewalls (computing); Virtual private networks; Firewall; Intrusion Detection System; Network Security (ID#: 16-9210)


Kester, Q.-A.; Nana, L.; Pascu, A.C.; Gire, S.; Eghan, J.M.; Quaynor, N.N., “A Security Technique for Authentication and Security of Medical Images in Health Information Systems,” in Computational Science and Its Applications (ICCSA), 2015 15th International Conference on, vol., no., pp. 8–13, 22–25 June 2015. doi:10.1109/ICCSA.2015.8
Abstract: Medical images stored in health information systems, cloud or other systems are of key importance. Privacy and security needs to be guaranteed for such images through encryption and authentication processes. Encrypted and watermarked images in this domain needed to be reversible so that the plain image operated on in the encryption and watermarking process can be fully recoverable due to the sensitivity of the data conveyed in medical images. In this paper, we proposed a fully recoverable encrypted and watermarked image processing technique for the security of medical images in health information systems. The approach is used to authenticate and secure the medical images. Our results showed to be very effective and reliable for fully recoverable images.
Keywords: cryptography; image watermarking; medical image processing; medical information systems; message authentication; authentication process; encrypted image; encryption process; health information system; medical image authentication; medical image security; security technique; watermarked image; watermarking process; Encryption; Information systems; Magnetic resonance imaging; Medical diagnostic imaging; authentication; health information systems; medical images; recoverable; security (ID#: 16-9211)


Khan, M.F.F.; Sakamura, K., “Fine-Grained Access Control to Medical Records in Digital Healthcare Enterprises,” in Networks, Computers and Communications (ISNCC), 2015 International Symposium on, vol., no., pp. 1–6, 13–15 May 2015. doi:10.1109/ISNCC.2015.7238590
Abstract: Adopting IT as an integral part of business and operation is certainly making the healthcare industry more efficient and cost-effective. With the widespread digitalization of personal health information, coupled with big data revolution and advanced analytics, security and privacy related to medical data — especially ensuring authorized access thereto — is facing a huge challenge. In this paper, we argue that a fine-grained approach is needed for developing access control mechanisms contingent upon various environmental and application-dependent contexts along with provision for secure delegation of access-control rights. In particular, we propose a context-sensitive approach to access control, building on conventional discretionary access control (DAC) and role-based access control (RBAC) models. Taking a holistic view to access control, we effectively address the precursory authentication part as well. The eTRON architecture — which advocates use of tamper-resistant chips equipped with functions for mutual authentication and encrypted communication — is used for authentication and implementing the DAC-based delegation of access-control rights. For realizing the authorization and access decision, we used the RBAC model and implemented context verification on top of it. Our approach closely follows regulatory and technical standards of the healthcare domain. Evaluation of the proposed system in terms of various security and performance showed promising results.
Keywords: authorisation; cryptography; health care; medical computing; message authentication; DAC-based delegation; RBAC models; access decision; advanced analytics; application-dependent contexts; authorization; big data revolution; context verification; context-sensitive approach; digital healthcare enterprises; discretionary access control models; eTRON architecture; encrypted communication; environmental contexts; fine-grained access control; healthcare industry; medical records; mutual authentication; personal health information; precursory authentication; regulatory standards; role-based access control models; technical standards; Authentication; Authorization; Context; Cryptography; Medical services; DAC; RBAC; access control; authentication; context-awareness; eTRON; healthcare enterprise; security (ID#: 16-9212)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.