Authentication & Authorization with Privacy, 2015

(Part 1)


Authorization and authentication are cornerstones of computer security. As systems become larger, faster, and more complex, authorization and authentication methods and protocols are proving to have limits and challenges. The research cited here explores new methods and techniques for improving security in cloud environments. This work was presented in 2015.

R. Zhang, L. Zhu, C. Xu, and Y. Yi, “An Efficient and Secure RFID Batch Authentication Protocol with Group Tags Ownership Transfer,” 2015 IEEE Conference on Collaboration and Internet Computing (CIC), Hangzhou, 2015, pp. 168-175. doi: 10.1109/CIC.2015.15
Abstract: Tag Authentication is an essential issue in RFID system which is widely applied in many areas. Compared to the per-tag-based authentication, the batch-mode authentication has better performance for complex applications. However, many existing batch authentication protocols suffer from security and privacy threats, low efficiency problem or high communication and computation cost. In order to solve these problems better, we propose a new RFID batch authentication protocol. In this protocol, tags are grouped and each key in one group shares the same group key. The connection between the group key and the tag’s own key is fully utilized to construct our batch authentication protocol. Meanwhile, based on the proposed batch authentication protocol, we propose a group tags ownership transfer protocol which also supports the tag authorisation recovery. Compared with previous schemes, our scheme achieves stronger security and higher efficiency. In the side of security and privacy, our scheme meets most requirements, such as tag information privacy, forward/backward security, resistance against replay, tracking, and DoS attacks. Then we carry on the theoretical analysis and implement the simulation experiment. Both of them indicate that the performance of our scheme is much efficient than other authentication schemes. Particularly, the simulation results show that the run time of the whole authentication process in our scheme is decreased 20% at least compared with the other existing schemes.
Keywords: cryptographic protocols; data privacy; radiofrequency identification; telecommunication security; Dos attacks; RFID system; backward security; forward security; group tags ownership transfer protocol; privacy threats; secure RFID batch authentication protocol; security threats; tag authentication; tag authorisation recovery; tag information privacy; Authentication; Computer crime; Privacy; Protocols; Radiofrequency identification; Servers; Batch authentication; Ownership transfer; Privacy; RFID; Security (ID#: 16-9714)


M. F. F. Khan and K. Sakamura, “Fine-Grained Access Control to Medical Records in Digital Healthcare Enterprises,” Networks, Computers and Communications (ISNCC), 2015 International Symposium on, Hammamet, 2015, pp. 1-6. doi: 10.1109/ISNCC.2015.7238590
Abstract: Adopting IT as an integral part of business and operation is certainly making the healthcare industry more efficient and cost-effective. With the widespread digitalization of personal health information, coupled with big data revolution and advanced analytics, security and privacy related to medical data—especially ensuring authorized access thereto—is facing a huge challenge. In this paper, we argue that a fine-grained approach is needed for developing access control mechanisms contingent upon various environmental and application-dependent contexts along with provision for secure delegation of access-control rights. In particular, we propose a context-sensitive approach to access control, building on conventional discretionary access control (DAC) and role-based access control (RBAC) models. Taking a holistic view to access control, we effectively address the precursory authentication part as well. The eTRON architecture—which advocates use of tamper-resistant chips equipped with functions for mutual authentication and encrypted communication—is used for authentication and implementing the DAC-based delegation of access-control rights. For realizing the authorization and access decision, we used the RBAC model and implemented context verification on top of it. Our approach closely follows regulatory and technical standards of the healthcare domain. Evaluation of the proposed system in terms of various security and performance showed promising results.
Keywords: authorisation; cryptography; health care; medical computing; message authentication; DAC-based delegation; RBAC models; access decision; advanced analytics; application-dependent contexts; authorization; big data revolution; context verification; context-sensitive approach; digital healthcare enterprises; discretionary access control models; eTRON architecture; encrypted communication; environmental contexts; fine-grained access control; healthcare industry; medical records; mutual authentication; personal health information; precursory authentication; regulatory standards; role-based access control models; technical standards; Authentication; Authorization; Context; Cryptography; Medical services; DAC; RBAC; access control; authentication; context-awareness; eTRON; healthcare enterprise; security (ID#: 16-9715)


A. Upadhyaya and M. Bansal, “Deployment of Secure Sharing: Authenticity and Authorization Using Cryptography in Cloud Environment,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, pp. 852-855. doi: 10.1109/ICACEA.2015.7164823
Abstract: Cloud computing is a cost-effective, scalable and flexible model of providing network services to a range of users including individual and business over the Internet. It has brought the revolution in the era of traditional method of storing and sharing of resources. It provides a variety of benefits to its users such as effective and efficient use of dynamically allocated shared resources, economics of scale, availability of resources etc. On the other part, cloud computing presents level of security risks because essential services are often controlled and handled by third party which makes it difficult to maintain data security and privacy and support data and service availability. Since cloud is a collection of machines called servers and all users’ data stored on these machines, it emerges the security issues of confidentiality, integrity and availability. Authentication and authorization for data access on cloud is more than a necessity. Our work attempts to overcome these security challenges. The proposed methodology provides more control of owner on the data stored on cloud by restricting the access to specific user for specific file with limited privileges and for limited time period on the basis of secret key using symmetric as well as asymmetric mechanism. The integrity and confidentiality of data is ensured doubly by not only encrypting the secret key but also to the access permission and limited file information.
Keywords: authorisation; cloud computing; commerce; cryptography; economies of scale; information retrieval; Internet; authenticity; authorization; availability of resources; business; cloud environment; data access; dynamically allocated shared resources; economics of scale; network services; secure sharing; Authorization; Cloud computing; Computational modeling; Computers; Cryptography; Servers; Asymmetric Cryptography; Cloud Computing; Economics of Scale; Scalability; Symmetric Cryptography (ID#: 16-9716)


X. Zhu, Y. Xu, J. Guo, X. Wu, H. Zhu, and W. Miao, “Formal Verification of PKMv3 Protocol Using DT-Spin,” Theoretical Aspects of Software Engineering (TASE), 2015 International Symposium on, Nanjing, 2015, pp. 71-78. doi: 10.1109/TASE.2015.20
Abstract: WiMax (Worldwide Interoperability for Microwave Access, IEEE 802.16) is a standard-based wireless technology, which uses Privacy Key Management (PKM) protocol to provide authentication and key management. Three versions of PKM protocol have been released and the third version (PKMv3) strengthens the security by enhancing the message management. In this paper, a formal analysis of PKMv3 protocol is presented. Both the subscriber station (SS) and the base station (BS) are modeled as processes in our framework. Discrete time describes the lifetime of the Authorization Key (AK) and the Transmission Encryption Key (TEK), which are produced by BS. Moreover, the PKMv3 model is constructed through the discrete-time PROMELA (DT-PROMELA) language and the tool DT-Spin implements the PKMv3 model with lifetime. Finally, we simulate communications between SS and BS and some properties are verified, i.e. liveness, succession and message consistency, which are extracted from PKMv3 and specified using Linear Temporal Logic (LTL) formulae and assertions. Our model provides a basis for further verification of PKMv3 protocol with time characteristic.
Keywords: WiMax; authorisation; computer network security; cryptographic protocols; formal verification; message authentication; private key cryptography; temporal logic; AK; BS; DT-PROMELA language; DT-Spin; DT-spin; IEEE 802.16; LTL; PKM protocol; PKMv3 model; PKMv3 protocol; SS; TEK; WiMax; Worldwide Interoperability for Microwave Access; authentication; authorization key; base station; discrete-time PROMELA language; formal verification; linear temporal logic; message management; privacy key management protocol; security; standard-based wireless technology; subscriber station; third version; transmission encryption key; Authentication; Authorization; Encryption; IEEE 802.16 Standard; Protocols; Discrete-time PROMELA; modeling; verification (ID#: 16-9717)


X. Chen, G. Sime, C. Lutteroth, and G. Weber, “OAuthHub — A Service for Consolidating Authentication Services,” Enterprise Distributed Object Computing Conference (EDOC), 2015 IEEE 19th International, Adelaide, SA, 2015, pp. 201-210. doi: 10.1109/EDOC.2015.36
Abstract: OAuth has become a widespread authorization protocol to allow inter-enterprise sharing of user preferences and data: a Consumer that wants access to a user’s protected resources held by a Service Provider can use OAuth to ask for the user’s authorization for access to these resources. However, it can be tedious for a Consumer to use OAuth as a way to organize user identities, since doing so requires supporting all Service Providers that the Consumer would recognize as users’ “identity providers”. Each Service Provider added requires extra work, at the very least, registration at that Service Provider. Different Service Providers may differ slightly in the API they offer, their authentication/authorization process or even their supported version of OAuth. The use of different OAuth Service Providers also creates privacy, security and integration problems. Therefore OAuth is an ideal candidate for Software as a Service, while posing interesting challenges at the same time. We use conceptual modelling to derive new high-level models and provide an analysis of the solution space. We address the aforementioned problems by introducing a trusted intermediary—OAuth Hub—into this relationship and contrast it with a variant, OAuth Proxy. Instead of having to support and control different OAuth providers, Consumers can use OAuth Hub as a single trusted intermediary to take care of managing and controlling how authentication is done and what data is shared. OAuth Hub eases development and integration issues by providing a consolidated API for a range of services. We describe how a trusted intermediary such as OAuth Hub can fit into the overall OAuth architecture and discuss how it can satisfy demands on security, reliability and usability.
Keywords: cloud computing; cryptographic protocols; API; OAuth service providers; OAuthHub; authentication services; authorization protocol; software as a service; Analytical models; Authentication; Authorization; Privacy; Protocols; Servers (ID#: 16-9718)


W. Ma, K. Sartipi, and M. Sharghigoorabi, “Security Middleware Infrastructure for Medical Imaging System Integration,” 2015 17th International Conference on Advanced Communication Technology (ICACT), Seoul, 2015, pp. 353-357. doi: 10.1109/ICACT.2015.7224818
Abstract: With the increasing demand of electronic medical records sharing, it is a challenge for medical imaging service providers to protect the patient privacy and secure their IT infrastructure in an integrated environment. In this paper, we present a novel security middleware infrastructure for seamlessly and securely linking legacy medical imaging systems, diagnostic imaging web applications as well as mobile applications. Software agent such as user agent and security agent have been integrated into medical imaging domains that can be trained to perform tasks. The proposed security middleware utilizes both online security technologies such as authentication, authorization and accounting, and post security procedures to discover system security vulnerability. By integrating with the proposed security middleware, both legacy system users and Internet users can be uniformly identified and authenticated; access to patient diagnostic images can be controlled based on patient’s consent directives and other access control polices defined at a central point; relevant user access activities can be audited at a central repository; user access behaviour patterns are mined to refine existing security policies. A case study is presented based on the proposed infrastructure.
Keywords: authorisation; data privacy; medical image processing; middleware; software agents; IT infrastructure security; accounting technology; authentication technology; authorization technology; diagnostic imaging Web applications; electronic medical records; information technology; legacy medical imaging systems; medical imaging service providers; medical imaging system integration; mobile applications; patient privacy; security agent; security middleware infrastructure; software agent; system security vulnerability; user agent; Authentication; Authorization; Biomedical imaging; Middleware; Picture archiving and communication systems; Access Control; Agent; Behaviour Pattern; Medical Imaging; Security (ID#: 16-9719)


S. Unger and D. Timmermann, “DPWSec: Devices Profile for Web Services Security,” Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, Singapore, 2015, pp. 1-6. doi: 10.1109/ISSNIP.2015.7106961
Abstract: As cyber-physical systems (CPS) build a foundation for visions such as the Internet of Things (IoT) or Ambient Assisted Living (AAL), their communication security is crucial so they cannot be abused for invading our privacy and endangering our safety. In the past years many communication technologies have been introduced for critically resource-constrained devices such as simple sensors and actuators as found in CPS. However, many do not consider security at all or in a way that is not suitable for CPS. Also, the proposed solutions are not interoperable although this is considered a key factor for market acceptance. Instead of proposing yet another security scheme, we looked for an existing, time-proven solution that is widely accepted in a closely related domain as an interoperable security framework for resource-constrained devices. The candidate of our choice is the Web Services Security specification suite. We analysed its core concepts and isolated the parts suitable and necessary for embedded systems. In this paper we describe the methodology we developed and applied to derive the Devices Profile for Web Services Security (DPWSec). We discuss our findings by presenting the resulting architecture for message level security, authentication and authorization and the profile we developed as a subset of the original specifications. We demonstrate the feasibility of our results by discussing the proof-of-concept implementation of the developed profile and the security architecture.
Keywords: Internet; Internet of Things; Web services; ambient intelligence; assisted living; security of data; AAL; CPS; DPWSec; IoT; ambient assisted living; communication security; cyber-physical system; devices profile for Web services security; interoperable security framework; message level security; resource-constrained devices; Authentication; Authorization; Cryptography; Interoperability; Web services; Applied Cryptography; Cyber-Physical Systems (CPS); DPWS; Intelligent Environments; Internet of Things (IoT); Usability (ID#: 16-9720)


V. Delgado-Gomes, J. F. Martins, C. Lima, and P. N. Borza, “Smart Grid Security Issues,” 2015 9th International Conference on Compatibility and Power Electronics (CPE), Costa da Caparica, 2015, pp. 534-538. doi: 10.1109/CPE.2015.7231132
Abstract: The smart grid concept is being fostered due to required evolution of the power network to incorporate distributed energy sources (DES), renewable energy sources (RES), and electric vehicles (EVs). The inclusion of these components on the smart grid requires an information and communication technology (ICT) layer in order to exchange information, control, and monitor the electrical components of the smart grid. The two-way communication flows brings cyber security issues to the smart grid. Different cyber security countermeasures need to be applied to the heterogeneous smart grid according to the computational resources availability, time communication constraints, and sensitive information data. This paper presents the main security issues and challenges of a cyber secure smart grid, whose main objectives are confidentiality, integrity, authorization, and authentication of the exchanged data.
Keywords: authorisation; data integrity; distributed power generation; power engineering computing; power system security; renewable energy sources; smart power grids; DES; ICT; RES; computational resources availability; cyber secure smart grid; cyber security; data authentication; data authorization; data confidentiality; data integrity; distributed energy sources; electric vehicles; information and communication technology; power network evolution; renewable energy sources; smart grid security; time communication constraints; two-way communication flow; Computer security; Monitoring; NIST; Privacy; Smart grids; Smart grid; challenges; cyber security; information and communication technology (ICT) (ID#: 16-9721)


V. Oleshchuk, “Constraints Validation in Privacy-Preserving Attribute-Based Access Control,” Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), 2015 IEEE 8th International Conference on, Warsaw, 2015, pp. 429-431. doi: 10.1109/IDAACS.2015.7340772
Abstract: Attribute-Based Access Control (ABAC) has been found to be extremely useful and flexible and has drawn a lot of research in recent years. It was observed that in the context of new emerging applications, attributes play an increasingly important role both in defining and enforcing more elaborated and flexible security policies. Recently, NIST has proposed more formal definition of ABAC. In this paper we discuss a general privacy-preserving ABAC model (which combines both authentication and authorization) and propose an approach to handle constraints in such privacy preserving setting.
Keywords: authorisation; constraint handling; data privacy; message authentication; NIST; authentication; authorization; constraints handling; constraints validation; general privacy-preserving ABAC model; privacy-preserving attribute-based access control; security policies; Authentication; Authorization; Context; Privacy; ABAC; access control; attributes; constraints; credentials; privacy; pseudonyms; security (ID#: 16-9722)


Patil Madhubala R., “Survey on Security Concerns in Cloud Computing,” Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, Noida, 2015, pp. 1458-1462. doi: 10.1109/ICGCIoT.2015.7380697
Abstract: Cloud consists of vast number of servers. Cloud contains tremendous amount of information. There are various problems in cloud computing such as storage, bandwidth, environment problems like availability, Heterogeneity, scalability and security problems like reliability and privacy. Though so many efforts are taken to solve these problems there are still some security problems[1]. Ensuring security to this data is important issue in cloud Storage. Cloud computing security can be defined as broad set of technologies, policies and controls deployed to protect applications, data and corresponding infrastructure of cloud computing. Due to tremendous progress in technology providing security to customers data becomes more and more important. This paper will tell the need of third party auditor in security of cloud. This paper will give brief idea about what are the security threats in cloud computing. This paper will analyze the various security objectives such as confidentiality, integrity, authentication, auditing, accountability, availability, authorization. This paper also studies the various data security concerns such as various reconnaissance techniques, denial of service, account cracking, hostile and self-replicating codes, system or network penetration, Buffer overflow, SQL injection attack.
Keywords: cloud computing; security of data; storage allocation; cloud computing security; cloud storage; Cloud computing; Computer crime; Data privacy; Reconnaissance; Servers; Data security concerns; Security objectives; Third party audit; cloud computing (ID#: 16-9723)


S. Fugkeaw and H. Sato, “Privacy-Preserving Access Control Model for Big Data Cloud,” 2015 International Computer Science and Engineering Conference (ICSEC), Chiang Mai, 2015, pp. 1-6. doi: 10.1109/ICSEC.2015.7401416
Abstract: Due to the proliferation of advanced analytic applications built on a massive scale of data from several data sources, big data technology has emerged to shift the paradigm of data management. Big data management is usually taken into data outsourcing environment such as cloud computing. According to the outsourcing environment, security and privacy management becomes one of the critical issues for business decision. Typically, cryptographic-based access control is employed to support privacy-preserving authentication and authorization for data outsourcing scenario. In this paper, we propose a novel access control model combining Role-based Access Control (RBAC) model, symmetric encryption, and ciphertext attribute-based encryption (CP-ABE) to support fine-grained access control for big data outsourced in cloud storage systems. We also demonstrate the efficiency and performance of our proposed scheme through the implementation.
Keywords: Big Data; authorisation; cloud computing; cryptography; data privacy; message authentication; outsourcing; CP-ABE; RBAC model; advanced analytic applications; authorization; big data cloud; ciphertext attribute-based encryption; cloud storage systems; cryptographic-based access control; data management; data outsourcing environment; fine-grained access control; privacy-preserving authentication; role-based access control model; symmetric encryption; Access control; Big data; Cloud computing; Data models; Encryption; Access Control; Cloud Computing; Encryption; RBAC (ID#: 16-9724)


H. Graupner, K. Torkura, P. Berger, C. Meinel, and M. Schnjakin, “Secure Access Control for Multi-Cloud Resources,” Local Computer Networks Conference Workshops (LCN Workshops), 2015 IEEE 40th, Clearwater Beach, FL, 2015, pp. 722-729. doi: 10.1109/LCNW.2015.7365920
Abstract: Privacy, security, and trust concerns are continuously hindering the growth of cloud computing despite its attractive features. To mitigate these concerns, an emerging approach targets the use of multi-cloud architectures to achieve portability and reduce cost. Multi-cloud architectures however suffer several challenges including inadequate cross-provider APIs, insufficient support from cloud service providers, and especially non-unified access control mechanisms. Consequently, the available multi-cloud proposals are unhandy or insecure. This paper proposes two contributions. At first, we survey existing cloud storage provider interfaces. Following, we propose a novel technique that deals with the challenges of connecting modern authentication standards and multiple cloud authorization methods.
Keywords: authorisation; cloud computing; data privacy; storage management; trusted computing; cloud computing; cloud storage provider interfaces; inadequate cross-provider APIs; modern authentication standards; multicloud resources; multiple cloud authorization methods; nonunified access control mechanisms; privacy; secure access control; security; trust concerns; Access control; Authentication; Cloud computing; Containers; Google; Standards; Cloud storage; access control management; data security; multi-cloud systems (ID#: 16-9725)


W. Zhijun and W. Caiyun, “Security-as-a-Service in Big Data of Civil Aviation,” Computer and Communications (ICCC), 2015 IEEE International Conference on, Chengdu, 2015, pp. 240-244. doi: 10.1109/CompComm.2015.7387574
Abstract: In recent years, Civil aviation industry has achieved a rapid development. It produces a large amount of data during the development process, including many confidential data which are related to the civil aviation system, critical information that is about the civil aviation industry development and large amounts of personal privacy data. Civil Aviation network security issues in big data environment have become increasingly prominent, this paper proposes data protection and privacy preserving services architecture based on Civil Aviation Security data, authentication through OpenSSL identity and attribute-based authorization. Finally, the policy achieves access control of big data and ensures the security of Civil Aviation big data.
Keywords: Big Data; aerospace industry; authorisation; data privacy; OpenSSL identity; access control; attribute-based authorization; civil aviation big data security; civil aviation industry development; civil aviation network security; confidential data; data protection; development process; personal privacy data; privacy preserving services architecture; security-as-a-service; Authentication; Authorization; Big data; Ciphers; Protocols; Servers; Civil Aviation; OpenSSL; attribute; big data (ID#: 16-9726)


Y.-k. Lee, J.-d. Lim, Y.-s. Jeon, and J.-n. Kim, “Technology Trends of Access Control in IoT and Requirements Analysis,” Information and Communication Technology Convergence (ICTC), 2015 International Conference on, Jeju, 2015, pp. 1031-1033. doi: 10.1109/ICTC.2015.7354730
Abstract: Since IoT devices can cause problems, such as invasion of privacy and threat to our safety, security in IoT is the most important element. IoT is an environment in which various devices communicate with one another without user intervention or with minimal user intervention. Therefore, authentication and access control technology between IoT devices are important element in the IoT security. In this paper, we describe our survey of access control technique in IoT environment and requirements of it.
Keywords: Internet of Things; authorisation; data privacy; formal specification; IoT devices; IoT security; access control; authentication; minimal user intervention; privacy invasion; requirements analysis; safety threat; security threat; Access control; Consumer electronics; Context; Internet; Market research; Servers; IoT security; IoT(Internet of Things); access control in IoT (ID#: 16-9727)


C. Jiang, Y. Pang, and A. Wu, “A Novel Robust Image-Hashing Method for Content Authentication,” Security and Privacy in Social Networks and Big Data (SocialSec), 2015 International Symposium on, Hangzhou, 2015, pp. 22-27. doi: 10.1109/SocialSec2015.15
Abstract: Image hash functions find extensive application in content authentication, database search, and digital forensic. This paper develops a novel robust image-hashing method based on genetic algorithm (GA) and Back Propagation (BP) Neural Network for content authentication. Lifting wavelet transform is used to extract image low frequency coefficients to create the image feature matrix. A GA-BP network model is constructed to generate image-hashing code. Experimental results demonstrate that the proposed hashing method is robust against random attack, JPEG compression, additive Gaussian noise, and so on. Receiver operating characteristics (ROC) analysis over a large image database reveals that the proposed method significantly outperforms other approaches for robust image hashing.
Keywords: Gaussian noise; authorisation; backpropagation; cryptography; data compression; genetic algorithms; image coding; neural nets; sensitivity analysis; wavelet transforms; GA-BP network model; JPEG compression; ROC; additive Gaussian noise; back propagation neural network; content authentication; database search; digital forensic; genetic algorithm; image database; image feature matrix; image hash functions; image low frequency coefficients extract; image-hashing code; lifting wavelet transform; receiver operating characteristics analysis; robust image-hashing method; Authentication; Feature extraction; Genetic algorithms; Robustness; Training; Wavelet transforms; BP network; discrimination; genetic algorithm; image hash (ID#: 16-9728)


V. Beltran and E. Bertin, “Identity Management for Web Business Communications,” Intelligence in Next Generation Networks (ICIN), 2015 18th International Conference on, Paris, 2015, pp. 103-107. doi: 10.1109/ICIN.2015.7073814
Abstract: WebRTC brings a wide range of possibilities to corporate communications. Nevertheless, the Web nature of this disruptive technology makes it necessary to deeply study its integration into the protected, closed corporate networks. In particular, Identity Management (IdM) in WebRTC communications should comply with each enterprise’s security and privacy policies. We discuss the key differences between the WebRTC identity model and typical enterprise IdM.
Keywords: Internet; business communication; data privacy; security of data; Web real-time communication; WebRTC communications; WebRTC identity model; corporate communications; enterprise IdM; enterprise privacy policies; enterprise security policies; identity management; protected closed corporate networks; Authentication; Authorization; Business communication; Next generation networking; Protocols; WebRTC; Communications; Enterprise; Identity; Service webification; WebRTC (ID#: 16-9729)


A. Soceanu, M. Vasylenko, A. Egner, and T. Muntean, “Managing the Privacy and Security of eHealth Data,” 2015 20th International Conference on Control Systems and Computer Science, Bucharest, 2015, pp. 439-446. doi: 10.1109/CSCS.2015.76
Abstract: The large scale adoption of mobile medicine, supported by an increasing number of medical devices and remote access to health services, correlated with the continuous involvement of the patients in their own healthcare, led to the emergence of tremendous amounts of clinical data. They need to be securely transferred, archived and accessed. This paper refers to a new approach for protecting the privacy and security of clinical data through the use of a state of the art encryption scheme and attribute-based access control authorization framework. As personal medical records are often used by different entities (e.g. Doctors, pharmacists, nurses, etc.), there is a need for different degrees of authorization access for specific parts of the personal dossier. Appropriate cryptographic tools are presented for allowing partial visibility and valid protection on authorized parts for hierarchical privacy protection of eHealth data. The encryption process relies on ARCANA, a security platform developed at ERISCS research laboratory from University Aix-Marseille. It provides the appropriate cryptographic tools for secure hierarchical access to healthcare data. This ensures that the access of various entities to the healthcare data is accurately and hierarchically controlled. The access control framework used in this research is based on XACML, a standard access control decision model specified by OASIS. The applicability and feasibility of XACML-based policies to regulate the access to patient data are demonstrated through SAFAX. SAFAX is a new public authorization framework developed by the Eindhoven University of Technology tested among others on eHealth case studies, in cooperation with Munich University of Applied Sciences. 
It is envisioned that the usage of data encryption and public authorization solutions to regulate access control on patients' clinical data will have a big impact on the patient’s trust in electronic healthcare systems and will speed up their large scale adoption.
Keywords: authorisation; cryptography; data privacy; health care; ARCANA; ERISCS research laboratory; Eindhoven University of Technology; OASIS; University Aix-Marseille; XACML-based policies; attribute-based access control authorization framework; clinical data privacy; clinical data security; cryptographic tools; ehealth data; encryption scheme; health services; healthcare; medical devices; mobile medicine; public authorization solutions; remote access; Authentication; Authorization; Data privacy; Medical services; Standards; ABAC; Patient Consent; Privacy; Security; XACML; eHealth; incremental cryptography (ID#: 16-9730)


W. Zegers, S. Y. Chang, Y. Park, and J. Gao, “A Lightweight Encryption and Secure Protocol for Smartphone Cloud,” Service-Oriented System Engineering (SOSE), 2015 IEEE Symposium on, San Francisco Bay, CA, 2015, pp. 259-266. doi: 10.1109/SOSE.2015.47
Abstract: User data on mobile devices are always transferred into Cloud for flexible and location-independent access to services and resources. The issues of data security and privacy data have been often reverted to contractual partners and trusted third parties. As a matter of fact, to project data, data encryption and user authentication are fundamental requirements between the mobile devices and the Cloud before a data transfer. However, due to limited resources of the smartphones and the unawareness of security from users, data encryption has been the last priority in mobile devices, and the authentication between two entities always depends on a trusted third party. In this paper, we propose a lightweight encryption algorithm and a security handshaking protocol for use specifically between in mobile devices and in Cloud, with the intent of securing data on the user side before it is migrated to cloud storages. The proposed cryptographic scheme and security protocol make use of unique device specific identifiers and user supplied credentials. It aims to achieve a user oriented approach for Smartphone Cloud. Through experiments, we demonstrated that the proposed cryptographic scheme requires less power consumption on mobile devices.
Keywords: authorisation; cloud computing; cryptographic protocols; data privacy; smart phones; cloud storages; contractual partners; cryptographic scheme; data encryption; data security; data transfer; lightweight encryption algorithm; location-independent access; mobile devices; privacy data; project data; secure protocol; security handshaking protocol; security protocol; smart phone cloud; trusted third party; user authentication; user data; Authentication; Encryption; Mobile communication; Protocols; Smart phones; Android; Cloud; Cryptography; Mobile devices and smartphones; Security (ID#: 16-9731)


C. Jin, C. Xu, L. Jiang, and F. Li, “ID-Based Deniable Threshold Ring Authentication,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1779-1784. doi: 10.1109/HPCC-CSS-ICESS.2015.149
Abstract: Deniable threshold ring authentication allows at least t members of a group participants to authenticate a message m without revealing which t members have generated the authenticator, and the verifier cannot convince any third party the message m is authenticated. It can be applied in anonymous and privacy communication scenarios. In this paper, we present a non-interactive identity-based deniable threshold ring authentication scheme. Our scheme is provably secure in the random oracle model under the bilinear Diffie-Hellman assumption. To the best of our knowledge, our scheme is the first identity based deniable threshold ring authentication scheme. Our scheme is very efficient since it only requires one pairing operation in authentication phase and one pairing operation in verification phase regardless of the number of the ring.
Keywords: authorisation; cryptography; message authentication; ID-based deniable threshold ring authentication; anonymous communication scenario; authentication phase; bilinear Diffie-Hellman assumption; group members; noninteractive identity-based deniable threshold ring authentication scheme; pairing operation; privacy communication scenario; random oracle model; verification phase; Authentication; Computer science; Games; Polynomials; Public key; Receivers; Anonymous; Deniable threshold ring authentication; Identity-based cryptography; Privacy; Random oracle model (ID#: 16-9732)


A. S. Raja and S. Abd Razak, “Analysis of Security and Privacy in Public Cloud Environment,” Cloud Computing (ICCC), 2015 International Conference on, Riyadh, 2015, pp. 1-6. doi: 10.1109/CLOUDCOMP.2015.7149630
Abstract: Computing as a utility, is a long held dream that comes true in the form of evolutional paradigm known as Cloud computing. It provides a gigantic storage with ubiquitous platform access and minimal hardware requirement at user end. Ultimate features and multidisciplinary utilization made its future incontestable, and equally attractive in academia and industry. With the immense growth in the area is proportionally rising the security concern. Cloud user can really relish the maximum advantage of cloud computing if the security and privacy concerns that inherit with storing sensitive and personal identifiable information (PII) in cloud are categorically addressed. To provide flexible user authentication and preserve user privacy digital identity management services are vital. Anonymous authentication, revocation, unlinkability and delegation of authentication for multiple cloud services are obligatory user privacy parameters that require to be addressed through identity management services in cloud. In this paper we analyzed the existing work and emphasized the requirement of user privacy preserving identity management system for public cloud environment.
Keywords: authorisation; cloud computing; data privacy; PII; anonymous authentication; authentication delegation; cloud user; minimal hardware requirement; obligatory user privacy parameters; privacy analysis; public cloud environment; revocation; security analysis; sensitive-personal identifiable information storage; ubiquitous platform access; unlinkability; user privacy digital identity management service preservation; Authentication; Cloud computing; Computational modeling; Organizations; Privacy; Smart cards (ID#: 16-9733)


M. Ahmadi, M. Chizari, M. Eslami, M. J. Golkar, and M. Vali, “Access Control and User Authentication Concerns in Cloud Computing Environments,” Telematics and Future Generation Networks (TAFGEN), 2015 1st International Conference on, Kuala Lumpur, 2015, pp. 39-43. doi: 10.1109/TAFGEN.2015.7289572
Abstract: Cloud computing is a newfound service that has a rapid growth in IT industry during recent years. Despite the several advantages of this technology there are some issues such as security and privacy that affect the reliability of cloud computing models. Access control and user authentication are the most important security issues in cloud computing. Therefore, the research has been prepared to provide the overall information about this security concerns and specific details about the identified issues in access control and user authentication researches. Therefore, cloud computing benefits and disadvantages have been explained in the first part. The second part reviewed some of access control and user authentication algorithms and identifying benefits and weaknesses of each algorithm. The main aim of this survey is considering limitations and problems of previous research in the research area to find out the most challenging issue in access control and user authentication algorithms.
Keywords: authorisation; cloud computing; data privacy; IT industry; access control; cloud computing environment; cloud computing model; privacy; security concerns; security issues; user authentication algorithm; Access control; Authentication; Cloud computing; Computational modeling; Encryption; Servers; Access Control; Cloud Computing; Privacy; Security; User Authentication (ID#: 16-9734)


S. A. El-Booz, G. Attiya, and N. El-Fishawy, “A Secure Cloud Storage System Combining Time-based One Time Password and Automatic Blocker Protocol,” 2015 11th International Computer Engineering Conference (ICENCO), Cairo, 2015, pp. 188-194. doi: 10.1109/ICENCO.2015.7416346
Abstract: Cloud storages in cloud data centers can be useful for enterprises and individuals to store and access their data remotely anywhere anytime without any additional burden. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the major problem of cloud data storage is security. As data is stored in geographically distributed data centers, how users will get the confirmation about storing data. Moreover, cloud users must be able to use the cloud storage just like the local storage, without worrying about the need to verify the data integrity and data consistency. Some researchers have been conducted with the aid of Third Party Auditor (TPA) to verify the data stored in the cloud and be sure that it is not tampered. However, the TPA is leased by the provider and after a time cloud service provider may contract with the TPA to conceal the loss of data from the user to prevent the defamation. This paper presents a novel secure cloud storage system to ensure the protection of organizations’ data from both the cloud provider and the third party auditor and from some users who take advantage of the old accounts to access the data stored on the cloud. The proposed system enhances the authentication level of security by using two authentication techniques; Time-based One Time Password (TOTP) for cloud users verification and Automatic Blocker Protocol (ABP) to fully protect the system from unauthorized third party auditor. The experimental results demonstrate the effectiveness and efficiency of the proposed system when auditing shared data integrity.
Keywords: authorisation; cloud computing; storage management; ABP; TPA; authentication techniques; automatic blocker protocol; cloud data centers; cloud storage system; cloud users verification; data maintenance; third party auditor; time-based one time password; Authentication; Contracts; Cryptography; Automatic Blocker Protocol (ABP); Cloud Computing; One Time Password (OTP); Privacy Preserving; Third Party Auditor (TPA); public auditability (ID#: 16-9735)


A. A. Malik, H. Anwar, and M. A. Shibli, “Federated Identity Management (FIM): Challenges and Opportunities,” 2015 Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, 2015, pp. 75-82. doi: 10.1109/CIACS.2015.7395570
Abstract: Federated Identity Management (FIM) is a method that facilitates management of identity processes and policies among the collaborating entities. It also enables secure resource sharing among these entities, but it hasn’t been as widely adopted as expected. So, in this paper we have identified factors that are pivotal for a holistic FIM framework or model. These factors include trust management and trust establishment techniques, preservation of user privacy, consistent access rights across Circles of Trust (CoTs), continuous monitoring of collaborating entities and adaptation to unanticipated events. On the basis of these factors, we have presented an extensive comparative analysis on existing FIM frameworks and models that identify current challenges and areas of improvement in this field. We’ve also analyzed these frameworks and models against a set of attacks to gauge their strengths and weaknesses.
Keywords: authorisation; data privacy; trusted computing; CoT; FIM framework; access right; circles of trust; entity collaboration; federated identity management; trust establishment; trust management; user privacy preservation; Adaptation models; Authentication; Metadata; Organizations; Privacy; Runtime; Adaptation to Unanticipated Events; Centralized/ Distributed trust management; Circle of Trust (CoT); Consistent Access Rights across CoTs; Continuous Trust Monitoring; Federated Identity Management (FIM); Static/ Dynamic trust establishment; User Privacy (ID#: 16-9736)


P. Dzurenda, J. Hajny, V. Zeman, and K. Vrba, “Modern Physical Access Control Systems and Privacy Protection,” Telecommunications and Signal Processing (TSP), 2015 38th International Conference on, Prague, 2015, pp. 1-5. doi: 10.1109/TSP.2015.7296213
Abstract: The paper deals with current state of card based PAC (Physical Access Control) systems, especially their level of security and provided mechanisms for protecting users’ privacy. We propose to use ABCs (Attribute-Based Credentials) to create Privacy-PAC system that provides greater protection of user privacy compared to classic systems. We define basic requirements for Privacy-PAC and provide a comparison of the current ABC systems by their usability in Privacy-PAC. Moreover, we show performance benchmarks of cryptographic primitives used in ABCs which were implemented on Multos and Java Card platforms.
Keywords: Java; authorisation; cryptography; data privacy; user interfaces; ABC; Java Card platforms; Multos platforms; Privacy-PAC system; attribute-based credentials; cryptographic primitives; modern physical access control systems; privacy protection; users privacy; Access control; Authentication; Ciphers; Privacy; Protocols; Privacy; anonymity; cryptography; physical access; security (ID#: 16-9737)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.