Visible to the public Biblio

Filters: Keyword is data availability  [Clear All Filters]
2021-03-29
Bogdan-Iulian, C., Vasilică-Gabriel, S., Alexandru, M. D., Nicolae, G., Andrei, V..  2020.  Improved Secure Internet of Things System using Web Services and Low Power Single-board Computers. 2020 International Conference on e-Health and Bioengineering (EHB). :1—5.

Internet of Things (IoT) systems are becoming widely used, which makes them to be a high-value target for both hackers and crackers. From gaining access to sensitive information to using them as bots for complex attacks, the variety of advantages after exploiting different security vulnerabilities makes the security of IoT devices to be one of the most challenging desideratum for cyber security experts. In this paper, we will propose a new IoT system, designed to ensure five data principles: confidentiality, integrity, availability, authentication and authorization. The innovative aspects are both the usage of a web-based communication and a custom dynamic data request structure.

2020-08-28
Avellaneda, Florent, Alikacem, El-Hackemi, Jaafar, Femi.  2019.  Using Attack Pattern for Cyber Attack Attribution. 2019 International Conference on Cybersecurity (ICoCSec). :1—6.

A cyber attack is a malicious and deliberate attempt by an individual or organization to breach the integrity, confidentiality, and/or availability of data or services of an information system of another individual or organization. Being able to attribute a cyber attack is a crucial question for security but this question is also known to be a difficult problem. The main reason why there is currently no solution that automatically identifies the initiator of an attack is that attackers usually use proxies, i.e. an intermediate node that relays a host over the network. In this paper, we propose to formalize the problem of identifying the initiator of a cyber attack. We show that if the attack scenario used by the attacker is known, then we are able to resolve the cyber attribution problem. Indeed, we propose a model to formalize these attack scenarios, that we call attack patterns, and give an efficient algorithm to search for attack pattern on a communication history. Finally, we experimentally show the relevance of our approach.

2020-06-22
Tong, Dong, Yong, Zeng, Mengli, Liu, Zhihong, Liu, Jianfeng, Ma, Xiaoyan, Zhu.  2019.  A Topology Based Differential Privacy Scheme for Average Path Length Query. 2019 International Conference on Networking and Network Applications (NaNA). :350–355.
Differential privacy is heavily used in privacy protection due to it provides strong protection against private data. The existing differential privacy scheme mainly implements the privacy protection of nodes or edges in the network by perturbing the data query results. Most of them cannot meet the privacy protection requirements of multiple types of information. In order to overcome these issues, a differential privacy security mechanism with average path length (APL) query is proposed in this paper, which realize the privacy protection of both network vertices and edge weights. Firstly, by describing APL, the reasons for choosing this attribute as the query function are analyzed. Secondly, global sensitivity of APL query under the need of node privacy protection and edge-weighted privacy protection is proved. Finally, the relationship between data availability and privacy control parameters in differential privacy is analyzed through experiments.
2020-06-01
Lili, Yu, Lei, Zhang, Jing, Li, Fanbo, Meng.  2018.  A PSO clustering based RFID middleware. 2018 4th International Conference on Control, Automation and Robotics (ICCAR). :222–225.
In current, RFID (Radio Frequency Identification) Middleware is widely used in nearly all RFID applications, and provides service for raw data capturing, security data reading/writing as well as sensors controlling. However, as the existing Middlewares were organized with rigorous data comparison and data encryption, it is seriously affecting the usefulness and execution efficiency. Thus, in order to improve the utilization rate of effective data, increase the reading/writing speed as well as preserving the security of RFID, this paper proposed a PSO (Particle swarm optimization) clustering scheme to accelerate the procedure of data operation. Then with the help of PSO cluster, the RFID Middleware can provide better service for both data security and data availability. At last, a comparative experiment is proposed, which is used to further verify the advantage of our proposed scheme.
2019-12-09
Sel, Daniel, Zhang, Kaiwen, Jacobsen, Hans-Arno.  2018.  Towards Solving the Data Availability Problem for Sharded Ethereum. Proceedings of the 2Nd Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers. :25–30.
The success and growing popularity of blockchain technology has lead to a significant increase in load on popular permissionless blockchains such as Ethereum. With the current design, these blockchain systems do not scale with additional nodes since every node executes every transaction. Further efforts are therefore necessary to develop scalable permissionless blockchain systems. In this paper, we provide an aggregated overview of the current research on the Ethereum blockchain towards solving the scalability challenge. We focus on the concept of sharding, which aims to break the restriction of every participant being required to execute every transaction and store the entire state. This concept however introduces new complexities in the form of stateless clients, which leads to a new challenge: how to guarantee that critical data is published and stays available for as long as it is relevant. We present an approach towards solving the data availability problem (DAP) that leverages synergy effects by reusing the validators from Casper. We then propose two distinct approaches for reliable collation proposal, state transition, and state verification in shard chains. One approach is based on verification by committees of Casper validators that execute transactions in proposed blocks using witness data provided by executors. The other approach relies on a proof of execution provided by the executor proposing the block and a challenge game, where other executors verify the proof. Both concepts rely on executors for long-term storage of shard chain state.
2019-02-18
Shamieh, F., Alharbi, R..  2018.  Novel Sybil Defense Scheme for Peer–to–peer Applications. 2018 21st Saudi Computer Society National Computer Conference (NCC). :1–8.

The importance of peer-to-peer (P2P) network overlays produced enormous interest in the research community due to their robustness, scalability, and increase of data availability. P2P networks are overlays of logically connected hosts and other nodes including servers. P2P networks allow users to share their files without the need for any centralized servers. Since P2P networks are largely constructed of end-hosts, they are susceptible to abuse and malicious activity, such as sybil attacks. Impostors perform sybil attacks by assigning nodes multiple addresses, as opposed to a single address, with the goal of degrading network quality. Sybil nodes will spread malicious data and provide bogus responses to requests. To prevent sybil attacks from occurring, a novel defense mechanism is proposed. In the proposed scheme, the DHT key-space is divided and treated in a similar manner to radio frequency allocation incensing. An overlay of trusted nodes is used to detect and handle sybil nodes with the aid of source-destination pairs reporting on each other. The simulation results show that the proposed scheme detects sybil nodes in large sized networks with thousands of interactions.

2018-11-14
Magyar, G..  2017.  Blockchain: Solving the Privacy and Research Availability Tradeoff for EHR Data: A New Disruptive Technology in Health Data Management. 2017 IEEE 30th Neumann Colloquium (NC). :000135–000140.

A blockchain powered Health information ecosystem can solve a frequently discussed problem of the lifelong recorded patient health data, which seriously could hurdle the privacy of the patients and the growing data hunger of the research and policy maker institutions. On one side the general availability of the data is vital in emergency situations and supports heavily the different research, population health management and development activities, on the other side using the same data can lead to serious social and ethical problems caused by malicious actors. Currently, the regulation of the privacy data varies all over the world, however underlying principles are always defensive and protective towards patient privacy against general availability. The protective principles cause a defensive, data hiding attitude of the health system developers to avoid breaching the overall law regulations. It makes the policy makers and different - primarily drug - developers to find ways to treat data such a way that lead to ethical and political debates. In our paper we introduce how the blockchain technology can help solving the problem of secure data storing and ensuring data availability at the same time. We use the basic principles of the American HIPAA regulation, which defines the public availability criteria of health data, however the different local regulations may differ significantly. Blockchain's decentralized, intermediary-free, cryptographically secured attributes offer a new way of storing patient data securely and at the same time publicly available in a regulated way, where a well-designed distributed peer-to-peer network incentivize the smooth operation of a full-featured EHR system.

2018-09-28
Li-Xin, L., Yong-Shan, D., Jia-Yan, W..  2017.  Differential Privacy Data Protection Method Based on Clustering. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :11–16.

To enhance privacy protection and improve data availability, a differential privacy data protection method ICMD-DP is proposed. Based on insensitive clustering algorithm, ICMD-DP performs differential privacy on the results of ICMD (insensitive clustering method for mixed data). The combination of clustering and differential privacy realizes the differentiation of query sensitivity from single record to group record. At the meanwhile, it reduces the risk of information loss and information disclosure. In addition, to satisfy the requirement of maintaining differential privacy for mixed data, ICMD-DP uses different methods to calculate the distance and centroid of categorical and numerical attributes. Finally, experiments are given to illustrate the availability of the method.

Cao, H., Liu, S., Zhao, R., Gu, H., Bao, J., Zhu, L..  2017.  A Privacy Preserving Model for Energy Internet Base on Differential Privacy. 2017 IEEE International Conference on Energy Internet (ICEI). :204–209.

Comparing with the traditional grid, energy internet will collect data widely and connect more broader. The analysis of electrical data use of Non-intrusive Load Monitoring (NILM) can infer user behavior privacy. Consideration both data security and availability is a problem must be addressed. Due to its rigid and provable privacy guarantee, Differential Privacy has proverbially reached and applied to privacy preserving data release and data mining. Because of its high sensitivity, increases the noise directly will led to data unavailable. In this paper, we propose a differentially private mechanism to protect energy internet privacy. Our focus is the aggregated data be released by data owner after added noise in disaggregated data. The theoretically proves and experiments show that our scheme can achieve the purpose of privacy-preserving and data availability.

2018-08-23
Haq, M. S., Anwar, Z., Ahsan, A., Afzal, H..  2017.  Design pattern for secure object oriented information systems development. 2017 14th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :456–460.
There are many object oriented design patterns and frameworks; to make the Information System robust, scalable and extensible. The objected oriented patterns are classified in the category of creational, structural, behavioral, security, concurrency, and user interface, relational, social and distributed. All the above classified design pattern doesn't work to provide a pathway and standards to make the Information system, to fulfill the requirement of confidentiality, Integrity and availability. This research work will explore the gap and suggest possible object oriented design pattern focusing the information security perspectives of the information system. At application level; this object oriented design pattern/framework shall try to ensure the Confidentiality, Integrity and Availability of the information systems intuitively. The main objective of this research work is to create a theoretical background of object oriented framework and design pattern which ensure confidentiality, integrity and availability of the system developed through the object oriented paradigm.
2017-12-28
Ouffoué, G., Ortiz, A. M., Cavalli, A. R., Mallouli, W., Domingo-Ferrer, J., Sánchez, D., Zaidi, F..  2016.  Intrusion Detection and Attack Tolerance for Cloud Environments: The CLARUS Approach. 2016 IEEE 36th International Conference on Distributed Computing Systems Workshops (ICDCSW). :61–66.

The cloud has become an established and widespread paradigm. This success is due to the gain of flexibility and savings provided by this technology. However, the main obstacle to full cloud adoption is security. The cloud, as many other systems taking advantage of the Internet, is also facing threats that compromise data confidentiality and availability. In addition, new cloud-specific attacks have emerged and current intrusion detection and prevention mechanisms are not enough to protect the complex infrastructure of the cloud from these vulnerabilities. Furthermore, one of the promises of the cloud is the Quality of Service (QoS) by continuous delivery, which must be ensured even in case of intrusion. This work presents an overview of the main cloud vulnerabilities, along with the solutions proposed in the context of the H2020 CLARUS project in terms of monitoring techniques for intrusion detection and prevention, including attack-tolerance mechanisms.

2017-11-27
Pan, K., Teixeira, A. M. H., Cvetkovic, M., Palensky, P..  2016.  Combined data integrity and availability attacks on state estimation in cyber-physical power grids. 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm). :271–277.

This paper introduces combined data integrity and availability attacks to expand the attack scenarios against power system state estimation. The goal of the adversary, who uses the combined attack, is to perturb the state estimates while remaining hidden from the observer. We propose security metrics that quantify vulnerability of power grids to combined data attacks under single and multi-path routing communication models. In order to evaluate the proposed security metrics, we formulate them as mixed integer linear programming (MILP) problems. The relation between the security metrics of combined data attacks and pure data integrity attacks is analyzed, based on which we show that, when data availability and data integrity attacks have the same cost, the two metrics coincide. When data availability attacks have a lower cost than data integrity attacks, we show that a combined data attack could be executed with less attack resources compared to pure data integrity attacks. Furthermore, it is shown that combined data attacks would bypass integrity-focused mitigation schemes. These conclusions are supported by the results obtained on a power system model with and without a communication model with single or multi-path routing.

2017-08-22
Thao, Tran Phuong, Omote, Kazumasa.  2016.  ELAR: Extremely Lightweight Auditing and Repairing for Cloud Security. Proceedings of the 32Nd Annual Conference on Computer Security Applications. :40–51.

Cloud storage has been gaining in popularity as an on-line service for archiving, backup, and even primary storage of files. However, due to the data outsourcing, cloud storage also introduces new security challenges, which require a data audit and data repair service to ensure data availability and data integrity in the cloud. In this paper, we present the design and implementation of a network-coding-based Proof Of Retrievability scheme called ELAR, which achieves a lightweight data auditing and data repairing. In particular, we support direct repair mechanism in which the client can be free from the data repair process. Simultaneously, we also support the task of allowing a third party auditor (TPA), on behalf of the client, to verify the availability and integrity of the data stored in the cloud servers without the need of an asymmetric-key setting. The client is thus also free from the data audit process. TPA uses spot-checking which is a very efficient probabilistic method for checking a large amount of data. Extensive security and performance analysis show that the proposed scheme is highly efficient and provably secure.

2017-03-08
Mahajan, S., Katti, J., Walunj, A., Mahalunkar, K..  2015.  Designing a database encryption technique for database security solution with cache. 2015 IEEE International Advance Computing Conference (IACC). :357–360.

A database is a vast collection of data which helps us to collect, retrieve, organize and manage the data in an efficient and effective manner. Databases are critical assets. They store client details, financial information, personal files, company secrets and other data necessary for business. Today people are depending more on the corporate data for decision making, management of customer service and supply chain management etc. Any loss, corrupted data or unavailability of data may seriously affect its performance. The database security should provide protected access to the contents of a database and should preserve the integrity, availability, consistency, and quality of the data This paper describes the architecture based on placing the Elliptical curve cryptography module inside database management software (DBMS), just above the database cache. Using this method only selected part of the database can be encrypted instead of the whole database. This architecture allows us to achieve very strong data security using ECC and increase performance using cache.

2015-05-06
Silei Xu, Runhui Li, Lee, P.P.C., Yunfeng Zhu, Liping Xiang, Yinlong Xu, Lui, J.C.S..  2014.  Single Disk Failure Recovery for X-Code-Based Parallel Storage Systems. Computers, IEEE Transactions on. 63:995-1007.

In modern parallel storage systems (e.g., cloud storage and data centers), it is important to provide data availability guarantees against disk (or storage node) failures via redundancy coding schemes. One coding scheme is X-code, which is double-fault tolerant while achieving the optimal update complexity. When a disk/node fails, recovery must be carried out to reduce the possibility of data unavailability. We propose an X-code-based optimal recovery scheme called minimum-disk-read-recovery (MDRR), which minimizes the number of disk reads for single-disk failure recovery. We make several contributions. First, we show that MDRR provides optimal single-disk failure recovery and reduces about 25 percent of disk reads compared to the conventional recovery approach. Second, we prove that any optimal recovery scheme for X-code cannot balance disk reads among different disks within a single stripe in general cases. Third, we propose an efficient logical encoding scheme that issues balanced disk read in a group of stripes for any recovery algorithm (including the MDRR scheme). Finally, we implement our proposed recovery schemes and conduct extensive testbed experiments in a networked storage system prototype. Experiments indicate that MDRR reduces around 20 percent of recovery time of the conventional approach, showing that our theoretical findings are applicable in practice.

2015-05-05
Peng Li, Song Guo.  2014.  Load balancing for privacy-preserving access to big data in cloud. Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on. :524-528.

In the era of big data, many users and companies start to move their data to cloud storage to simplify data management and reduce data maintenance cost. However, security and privacy issues become major concerns because third-party cloud service providers are not always trusty. Although data contents can be protected by encryption, the access patterns that contain important information are still exposed to clouds or malicious attackers. In this paper, we apply the ORAM algorithm to enable privacy-preserving access to big data that are deployed in distributed file systems built upon hundreds or thousands of servers in a single or multiple geo-distributed cloud sites. Since the ORAM algorithm would lead to serious access load unbalance among storage servers, we study a data placement problem to achieve a load balanced storage system with improved availability and responsiveness. Due to the NP-hardness of this problem, we propose a low-complexity algorithm that can deal with large-scale problem size with respect to big data. Extensive simulations are conducted to show that our proposed algorithm finds results close to the optimal solution, and significantly outperforms a random data placement algorithm.
 

2015-04-30
Omote, K., Thao, T.P..  2014.  A New Efficient and Secure POR Scheme Based on Network Coding. Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on. :98-105.

Information is increasing quickly, database owners have tendency to outsource their data to an external service provider called Cloud Computing. Using Cloud, clients can remotely store their data without burden of local data storage and maintenance. However, such service provider is untrusted, therefore there are some challenges in data security: integrity, availability and confidentiality. Since integrity and availability are prerequisite conditions of the existence of a system, we mainly focus on them rather than confidentiality. To ensure integrity and availability, researchers have proposed network coding-based POR (Proof of Retrievability) schemes that enable the servers to demonstrate whether the data is retrievable or not. However, most of network coding-based POR schemes are inefficient in data checking and also cannot prevent a common attack in POR: small corruption attack. In this paper, we propose a new network coding-based POR scheme using dispersal code in order to reduce cost in checking phase and also to prevent small corruption attack.