Biblio

Our identity as a human being is determined by the documents, not by appearance or physicality. The most important thing to prove the identity of humans is to show a government-issued document. Generally, from birth to death humans are recognized by documents because they are born with a birth certificate and they die with a death certificate. The main problem with these documents is that, they can be falsified or manipulated by others. Moreover in this digital era, they are stored in a centralized manner, which is prone to a cyber threat. This study aims to develop a blockchain environment to create, verify, and securely share documents in a decentralized manner. With the help of bigchainDB, interplanetary file system (IPFS), and asymmetric encryption, this research work will prototype the proposed solution called blockchain-based digital locker, which is similar to the DigiLocker released by the Department of Electronics and Information Technology (DeitY), Govt. of India. BigchainDB will help in treating each document as an asset by making it immutable with the help of IPFS and asymmetric encryption, where documents can not only be shared but also verified.

Cloud computing enables users and organizations to conveniently store and share data in large volumes and to enjoy on-demand services. Security and the protection of big data sharing from various attacks is the most challenging issue. Proxy re-encryption (PRE) is an effective method to improve the security of data sharing in the cloud environment. However, in PRE schemes, offloading big data for re-encryption will impose a heavy computational burden on the cloud proxy server, resulting in an increased computation delay and response time for the users. In this paper, we propose a novel parallel PRE workload distribution scheme to dynamically route the big data re-encryption process into the fog of the network. Moreover, this paper proposes a dynamic load balancing technique to avoid an excessive workload for the fog nodes. It also uses lightweight asymmetric cryptography to provide end-to-end security for the big data sharing between users. Within the proposed scheme, the offloading overhead on the centralized cloud server is effectively mitigated. Meanwhile, the processing delay incurred by the big data re-encryption process is efficiently improved.

An emerging widely used technology cloud computing which a paddle of computing resources is available for the users. Through the internet-based the resources could be supplied to cloud consumers at their request but it is not directly active management by the user. This application-based software infrastructure can store data on remote serves, which can be accessed through the internet and a user who wants to access data stored in the cloud have to use an internet browser or cloud computing software. Data protection has become one of the significant issues in cloud computing when users must rely on their cloud providers for security purposes. In this article, a system that can embarrass the disclosure of the key for distributing a file that will assure security dispensing asymmetric key and sharing it among the cloud environment and user perform the integrity check themselves rather than using third-party services by using compression or hash function where the hash is created using a hash function and it was not mentioned in the previous paper. After the user receives the data every hash is compared with other hash values to check the differences of the data. The time-consumption of encryption and decryption of the data is calculated and compared with the previous paper and the experiment shows that our calculation took around 80% less time.

Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.

Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.

Cloud storage is a low-cost and convenient storage method, but the nature of cloud storage determines the existence of security risks for data uploaded by users. In order to ensure the security of users' data in third-party cloud platforms, a zero trust security platform for data trusteeship is proposed. The platform introduces the concept of zero trust, which meets the needs of users to upload sensitive data to untrusted third-party cloud platforms by implementing multiple functional modules such as sensitivity analysis service, cipher index service, attribute encryption service.

With the rise of the cloud computing and services, the network environments tend to be more complex and enormous. Security control becomes more and more hard due to the frequent and various access and requests. There are a few techniques to solve the problem which developed separately in the recent years. Network Micro-Segmentation provides the system the ability to keep different parts separated. Zero Trust Model ensures the network is access to trusted users and business by applying the policy that verify and authenticate everything. With the combination of Segmentation and Zero Trust Model, a system will obtain the ability to control the access to organizations' or industrial valuable assets. To implement the cooperation, the paper designs a strategy named light verification to help the process to be painless for the cost of inspection. The strategy was found to be effective from the perspective of the technical management, security and usability.

Distributed denial of service attacks are still one of the greatest threats for computer systems and networks. We propose an intelligent moving target solution against DDOS flooding attacks. Our solution will use a fast-flux approach combined with moving target techniques to increase attack cost and complexity by bringing dynamics and randomization in network address space. It continually increases attack costs and makes it harder and almost infeasible for botnets to launch an attack. Along with performing selective proxy server replication and shuffling clients among this proxy, our solution can successfully separate and isolate attackers from benign clients and mitigate large-scale and complex flooding attacks. Our approach effectively stops both network and application-layer attacks at a minimum cost. However, while we try to make prevalent attack launches difficult and expensive for Bot Masters, this approach is good enough to combat zero-day attacks, too. Using DNS capabilities to change IP addresses frequently along with the proxy servers included in the proposed architecture, it is possible to hide the original server address from the attacker and invalidate the data attackers gathered during the reconnaissance phase of attack and make them repeat this step over and over. Our simulations demonstrate that we can mitigate large-scale attacks with minimum possible cost and overhead.

Modern commercial software development organizations frequently prescribe to a development and deployment pattern for releases known as continuous integration / continuous deployment (CI/CD). Kubernetes, a cluster-based distributed application platform, is often used to implement this pattern. While the abstract concept is fairly well understood, CI/CD implementations vary widely. Resources are scattered across on-premise and cloud-based services, and systems may not be fully automated. Additionally, while a development pipeline may aim to ensure the security of the finished artifact, said artifact may not be protected from outside observers or cloud providers during execution. This paper describes a complete CI/CD pipeline running on Kubernetes that addresses four gaps in existing implementations. First, the pipeline supports strong separation-of-duties, partitioning development, security, and operations (i.e., DevSecOps) roles. Second, automation reduces the need for a human interface. Third, resources are scoped to a Kubernetes cluster for portability across environments (e.g., public cloud providers). Fourth, deployment artifacts are secured with Asylo, a development framework for trusted execution environments (TEEs).

In this research we have explained to set up an Infrared Array Sensor system that is IOT based in order to provide security at remote location. We have tried to Establishment of cloud environment to host IOT application & Development of IOT Application using Asp.net with C\# programming platform. We have Integrated IOT with Infrared Array sensors in order to implement proposed work. In this research camera captures the external event and sent signal to Infrared grid array sensor. Internet of Things (IoT) would enable applications of utmost societal value including smart cities, smart grids & smart healthcare. For majority of such applications, strict dependability requirements are placed on IOT performance, & sensor data as well as actuator commands must be delivered reliably & timely.

Load profiling is to cluster power consumption data to generate load patterns showing typical behaviors of consumers, and thus it has enormous potential applications in smart grid. However, short-interval readings would generate massive smart meter data. Although cloud computing provides an excellent choice to analyze such big data, it also brings significant privacy concerns since the cloud is not fully trustworthy. In this paper, based on a modified vector homomorphic encryption (VHE), we propose a privacy-preserving and outsourced k-means clustering scheme (PPOk M) for secure load profiling over encrypted meter data. In particular, we design a similarity-measuring method that effectively and non-interactively performs encrypted distance metrics. Besides, we present an integrity verification technique to detect the sloppy cloud server, which intends to stop iterations early to save computational cost. In addition, extensive experiments and analysis show that PPOk M achieves high accuracy and performance while preserving convergence and privacy.

The reliable distributed data storage system based on the Redundant Residue Number System (RRNS) is developed. The structure of the system, data splitting and recovery algorithms based on RRNS are developed. A study of the total time and time spent on converting ASCII-encoded data into a RRNS for files of various sizes is conducted. The research of data recovery time is conducted for the inverse transformation from RRNS to ASCII codes.

Data integrity and recovery management is a more important issue in cloud computing because data is located in everywhere. There is a big challenge in backup recovery and security. It is required to provide an efficient and more reliable system in data storage. In this paper, a new methodology is focused and proposed data recovery and data management to assure high-level scalability and high order reliability to provide fault recognition and fault tolerance cloud-based systems. We propose a methodology of segmenting data and generating tokens for the data split-up by adding the address of the cloud or locations of the cloud storage using the tailing method. Thus the missing segment of any faulty node is easily recognized within a short range of limits and will get the data backup from the neighboring nodes.

Computer Networks fights with a continues issues with attackers and intruders. Attacks on distributed systems becoming more powerful and more frequent day by day. Intrusion detection methods are performing main role to detect intruders and attackers. To identify intrusion on computer or computer networks an intrusion detection system methods are used. Network Intrusion Detection System (NIDS) performs an prime role by presenting the network security. It gives a defense layer by monitoring the traffic on network for predefined distrustful activity or pattern. In this paper we have analyze and compare existing signature based and anomaly based algorithm with Openstack private cloud.

Fast Growth of (ICT) Information and Communication Technology results to Innovation of Cloud Computing and is considered as a key driver for technological innovations, as an IT innovations, cloud computing had added a new dimension to that importance by increasing usage to technology that motivates economic development at the national and global levels. Continues need of higher storage space (applications, files, videos, music and others) are some of the reasons for adoption and implementation, Users and Enterprises are gradually changing the way and manner in which Data and Information are been stored. Storing/Retrieving Data and Information traditionally using Standalone Computers are no longer sustainable due to high cost of Peripheral Devices, This further recommends organizational innovative adoption with regards to approaches on how to effectively reduced cost in businesses. Cloud Computing provides a lot of prospects to users/organizations; it also exposes security concerns which leads to low adoption, implementation and usage. Therefore, the study will examine standard ways of improving cloud computing adoption, implementation and usage by proposing and developing a security model using a design methodology that will ensure a secured Cloud Computing and also identify areas where future regularization could be operational.

Smart cities and societies are driving unprecedented technological and socioeconomic growth in everyday life albeit making us increasingly vulnerable to infinitely and incomprehensibly diverse threats. Short Message Service (SMS) spam is one such threat that can affect mobile security by propagating malware on mobile devices. A security breach could also cause a mobile device to send spam messages. Many works have focused on classifying incoming SMS messages. This paper proposes a tool to detect spam from outgoing SMS messages, although the work can be applied to both incoming and outgoing SMS messages. Specifically, we develop a system that comprises multiple machine learning (ML) based classifiers built by us using three classification methods – Naïve Bayes (NB), Support Vector Machine (SVM), and Naïve Bayes Multinomial (NBM)- and five preprocessing and feature extraction methods. The system is built to allow its execution in cloud, fog or edge layers, and is evaluated using 15 datasets built by 4 widely-used public SMS datasets. The system detects spam SMSs and gives recommendations on the spam filters and classifiers to be used based on user preferences including classification accuracy, True Negatives (TN), and computational resource requirements.

Quality Critical Decentralised Applications (QC-DApp) have high requirements for system performance and service quality, involve heterogeneous infrastructures (Clouds, Fogs, Edges and IoT), and rely on the trustworthy collaborations among participants of data sources and infrastructure providers to deliver their business value. The development of the QCDApp has to tackle the low-performance challenge of the current blockchain technologies due to the low collaboration efficiency among distributed peers for consensus. On the other hand, the resilience of the Cloud has enabled significant advances in software-defined storage, networking, infrastructure, and every technology; however, those rich programmabilities of infrastructure (in particular, the advances of new hardware accelerators in the infrastructures) can still not be effectively utilised for QCDApp due to lack of suitable architecture and programming model.

Information security provides a set of mechanisms to be implemented in the organisation to protect the disclosure of data to the unauthorised person. Access control is the primary security component that allows the user to authorise the consumption of resources and data based on the predefined permissions. However, the access rules are static in nature, which does not adapt to the dynamic environment includes but not limited to healthcare, cloud computing, IoT, National Security and Intelligence Arena and multi-centric system. There is a need for an additional countermeasure in access decision that can adapt to those working conditions to assess the threats and to ensure privacy and security are maintained. Risk analysis is an act of measuring the threats to the system through various means such as, analysing the user behaviour, evaluating the user trust, and security policies. It is a modular component that can be integrated into the existing access control to predict the risk. This study presents the different techniques and approaches applied for risk analysis in access control. Based on the insights gained, this paper formulates the taxonomy of risk analysis and properties that will allow researchers to focus on areas that need to be improved and new features that could be beneficial to stakeholders.

Existing cyber security solutions have been basically developed using knowledge-based models that often cannot trigger new cyber-attack families. With the boom of Artificial Intelligence (AI), especially Deep Learning (DL) algorithms, those security solutions have been plugged-in with AI models to discover, trace, mitigate or respond to incidents of new security events. The algorithms demand a large number of heterogeneous data sources to train and validate new security systems. This paper presents the description of new datasets, the so-called ToNİoT, which involve federated data sources collected from Telemetry datasets of IoT services, Operating system datasets of Windows and Linux, and datasets of Network traffic. The paper introduces the testbed and description of TONİoT datasets for Windows operating systems. The testbed was implemented in three layers: edge, fog and cloud. The edge layer involves IoT and network devices, the fog layer contains virtual machines and gateways, and the cloud layer involves cloud services, such as data analytics, linked to the other two layers. These layers were dynamically managed using the platforms of software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Windows datasets were collected from audit traces of memories, processors, networks, processes and hard disks. The datasets would be used to evaluate various AI-based cyber security solutions, including intrusion detection, threat intelligence and hunting, privacy preservation and digital forensics. This is because the datasets have a wide range of recent normal and attack features and observations, as well as authentic ground truth events. The datasets can be publicly accessed from this link [1].

Cyber-Physical Systems (CPS) such as intelligent connected vehicles, smart farming and smart logistics are constantly generating tons of data and requiring real-time data processing capabilities. Therefore, Edge Computing which provisions computing resources close to the End Devices from the network edge is becoming the ideal platform for CPS. However, it also brings many issues and one of the most prominent challenges is how to ensure the development of trustworthy smart services given the dynamic and distributed nature of Edge Computing. To tackle this challenge, this paper proposes a novel Federated Learning based Edge Computing platform for CPS, named “FengHuoLun”. Specifically, based on FengHuoLun, we can: 1) implement smart services where machine learning models are trained in a trusted Federated Learning framework; 2) assure the trustworthiness of smart services where CPS behaviours are tested and monitored using the Federated Learning framework. As a work in progress, we have presented an overview of the FengHuoLun platform and also some preliminary studies on its key components, and finally discussed some important future research directions.

The Internet of Things is progressively turning into a pervasive computing service, needing enormous volumes of data storage and processing. However, due to the distinctive properties of resource constraints, self-organization, and short-range communication in Internet of Things (IoT), it always adopts to cloud for outsourced storage and computation. This integration of IoT with cloud has a row of unfamiliar security challenges for the data at rest. Cloud computing delivers highly scalable and flexible computing and storage resources on pay-per-use policy. Cloud computing services for computation and storage are getting increasingly popular and many organizations are now moving their data from in-house data centers to the Cloud Storage Providers (CSPs). Time varying workload and data intensive IoT applications are vulnerable to encounter challenges while using cloud computing services. Additionally, the encryption techniques and third-party auditors to maintain data integrity are still in their developing stage and therefore the data at rest is still a concern for IoT applications. In this paper, we perform an analysis study to investigate the challenges and strategies adapted by Cloud Computing to facilitate a safe transition of IoT applications to the Cloud.

The advance of smart eHealthcare and cloud computing techniques has propelled an increasing number of healthcare centers to outsource their healthcare data to the cloud. Meanwhile, in order to preserve the privacy of the sensitive information, healthcare centers tend to encrypt the data before outsourcing them to the cloud. Although the data encryption technique can preserve the privacy of the data, it inevitably hinders the query functionalities over the outsourced data. Among all practical query functionalities, the similarity range query is one of the most popular ones. However, to our best knowledge, many existing studies on the similarity range query over outsourced data still suffer from the efficiency issue in the query process. Therefore, in this paper, aiming at improving the query efficiency, we propose an efficient privacy-preserving similarity range query scheme based on the precomputed distance technique. In specific, we first introduce a pre-computed distance based similarity range query (PreDSQ) algorithm, which can improve the query efficiency by precomputing some distances. Then, we propose our privacy-preserving similarity query scheme by applying an asymmetric scalar-product-preserving encryption technique to preserve the privacy of the PreDSQ algorithm. Both security analysis and performance evaluation are conducted, and the results show that our proposed scheme is efficient and can well preserve the privacy of data records and query requests.

The popularity of cloud storage among data users is due to easy maintenance, and no initial infrastructure setup cost as compared to local storage. However, although the data users outsource their data to cloud storage (a third party) still, they concern about their physical data. To check whether the data stored in the cloud storage has been modified or not, public auditing of the data is required before its utilization. To audit over vast outsourced data, the availability of the auditor is an essential requirement as nowadays, data owners are using mobile devices. But unfortunately, a single auditor leads to a single point of failure and inefficient to preserve the security and correctness of outsourced data. So, we introduce a distributed public auditing scheme which is based on peer-to-peer (P2P) architecture. In this work, the auditors are organized using a distributed hash table (DHT) mechanism and audit the outsourced data with the help of a published hashed key of the data. The computation and communication overhead of our proposed scheme is compared with the existing schemes, and it found to be an effective solution for public auditing on outsourced data with no single point of failure.

With the proliferation of cloud services, cloud-based image retrieval services enable large-scale image outsourcing and ubiquitous image searching. While enjoying the benefits of the cloud-based image retrieval services, critical privacy concerns may arise in such services since they may contain sensitive personal information. In this paper, we propose an efficient and Privacy-Preserving Image Retrieval scheme with Key Switching Technique (PPIRS). PPIRS utilizes the inner product encryption for measuring Euclidean distances between image feature vectors and query vectors in a privacy-preserving manner. Due to the high dimension of the image feature vectors and the large scale of the image databases, traditional secure Euclidean distance comparison methods provide insufficient search efficiency. To prune the search space of image retrieval, PPIRS tailors key switching technique (KST) for reducing the dimension of the encrypted image feature vectors and further achieves low communication overhead. Meanwhile, by introducing locality sensitive hashing (LSH), PPIRS builds efficient searchable indexes for image retrieval by organizing similar images into a bucket. Security analysis shows that the privacy of both outsourced images and queries are guaranteed. Extensive experiments on a real-world dataset demonstrate that PPIRS achieves efficient image retrieval in terms of computational cost.

The new network based on software-defined network SDN and network function virtualization NFV will replace the traditional network, so it is urgent to study the network security architecture based on the new network environment. This paper presents a software - defined security SDS architecture. It is open and universal. It provides an open interface for security services, security devices, and security management. It enables different network security vendors to deploy security products and security solutions. It can realize the deployment, arrangement and customization of virtual security function VSFs. It implements fine-grained data flow control and security policy management. The author analyzes the different types of attacks that different parts of the system are vulnerable to. The defender can disable the network attacks by changing the server-side security configuration scheme. The future research direction of network security is put forward.