Search results

1 – 10 of 980
Article
Publication date: 19 May 2022

Priyanka Kumari Bhansali, Dilendra Hiran, Hemant Kothari and Kamal Gulati

Abstract

Purpose

The purpose of this paper Computing is a recent emerging cloud model that affords clients limitless facilities, lowers the rate of customer storing and computation and progresses the ease of use, leading to a surge in the number of enterprises and individuals storing data in the cloud. Cloud services are used by various organizations (education, medical and commercial) to store their data. In the health-care industry, for example, patient medical data is outsourced to a cloud server. Instead of relying on medical service providers, clients can access their medical data over the cloud.

Design/methodology/approach

This section explains the proposed cloud-based health-care system for secure data storage and access control called hash-based ciphertext policy attribute-based encryption with signature (hCP-ABES). It provides access control with finer granularity, security, authentication and user confidentiality of medical data. It enhances ciphertext-policy attribute-based encryption (CP-ABE) with hashing, encryption and signature. The proposed architecture includes protection mechanisms to guarantee that health-care and medical information can be securely exchanged between health systems via the cloud. Figure 2 depicts the proposed work's architectural design.

Findings

For health-care-related applications, safe contact with common documents hosted on a cloud server is becoming increasingly important. However, there are numerous constraints to designing an effective and safe data access method, including cloud server performance, a high number of data users and various security requirements. This work adds hashing and signature to the classic CP-ABE technique. It protects the confidentiality of health-care data while also allowing for fine-grained access control. According to an analysis of security needs, this work fulfills the privacy and integrity of health information using federated learning.

Originality/value

The Internet of Things (IoT) technology and smart diagnostic implants have enhanced health-care systems by allowing for remote access and screening of patients’ health issues at any time and from any location. Medical IoT devices monitor patients’ health status and combine this information into medical records, which are then transferred to the cloud and viewed by health providers for decision-making. However, when it comes to information transfer, the security and secrecy of electronic health records become a major concern. This work offers effective data storage and access control for a smart healthcare system to protect confidentiality. CP-ABE ensures data confidentiality and also allows control on data access at a finer level. Furthermore, it allows owners to set up a dynamic patients health data sharing policy under the cloud layer. hCP-ABES proposed fine-grained data access, security, authentication and user privacy of medical data. This paper enhances CP-ABE with hashing, encryption and signature. The proposed method has been evaluated, and the results signify that the proposed hCP-ABES is feasible compared to other access control schemes using federated learning.

Details

International Journal of Pervasive Computing and Communications, vol. 20 no. 2
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 5 October 2022

Mohan Naik R., H. Manoj T. Gadiyar, Sharath S. M., M. Bharathrajkumar and Sowmya T. K.

Abstract

Purpose

There are various system techniques or models which are used for access control by performing cryptographic operations and characterizing to provide an efficient cloud and in Internet of Things (IoT) access control. Particularly in cloud computing environment, there is a large-scale distribution of these traditional symmetric cryptographic techniques. These symmetric cryptographic techniques use the same key for encryption and decryption processes. However, during the execution of these phases, they are under the problems of key distribution and management. The purpose of this study is to provide efficient key management and key distribution in cloud computing environment.

Design/methodology/approach

This paper uses the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) technique with proper access control policy which is used to provide the data owner’s control and share the data through encryption process in Cloud and IoT environment. The data are shared with the help of cloud storage, even in presence of authorized users. The main method used in this research is Enhanced CP-ABE Serialization (E-CP-ABES) approach.

Findings

The results are measured by means of encryption, completion and decryption time that showed better results when compared with the existing CP-ABE technique. The comparative analysis has shown that the proposed E-CP-ABES has obtained better results of 2373 ms for completion time for 256 key lengths, whereas the existing CP-ABE has obtained 3129 ms of completion time. In addition to this, the existing Advanced Encryption Standard (AES) scheme showed 3449 ms of completion time.

Originality/value

The proposed research work uses an E-CP-ABES access control technique that verifies the hidden attributes having a very sensitive dataset constraint and provides solution to the key management problem and access control mechanism existing in IoT and cloud computing environment. The novelty of the research is that the proposed E-CP-ABES incorporates extensible, partially hidden constraint policy by using a process known as serialization procedure and it serializes to a byte stream. Redundant residue number system is considered to remove errors that occur during the processing of bits or data obtained from the serialization. The data stream is recovered using the Deserialization process.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 15 June 2020

Tamir Tsegaye and Stephen Flowerday

Abstract

Purpose

An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model.

Design/methodology/approach

A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework.

Findings

The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR.

Originality/value

Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.

Details

Information & Computer Security, vol. 28 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 8 October 2018

Simon N. Foley and Vivien Rooney

Abstract

Purpose

In this paper, the authors consider how qualitative research techniques that are used in applied psychology to understand a person’s feelings and needs provide a means to elicit their security needs.

Design/methodology/approach

Recognizing that the codes uncovered during a grounded theory analysis of semi-structured interview data can be interpreted as policy attributes, the paper develops a grounded theory-based methodology that can be extended to elicit attribute-based access control style policies. In this methodology, user-participants are interviewed and machine learning is used to build a Bayesian network-based policy from the subsequent (grounded theory) analysis of the interview data.

Findings

Using a running example – based on a social psychology research study centered around photograph sharing – the paper demonstrates that in principle, qualitative research techniques can be used in a systematic manner to elicit security policy requirements.

Originality/value

While in principle qualitative research techniques can be used to elicit user requirements, the originality of this paper is a systematic methodology and its mapping into what is actionable, that is, providing a means to generate a machine-interpretable security policy at the end of the elicitation process.

Details

Information & Computer Security, vol. 26 no. 4
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 15 August 2022

Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng

Abstract

Purpose

Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related.

Design/methodology/approach

This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.

Findings

The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.

Originality/value

Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and proposes a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

Details

International Journal of Web Information Systems, vol. 18 no. 2/3
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 12 June 2007

Marijke Coetzee and J.H.P. Eloff

Abstract

Purpose

This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users.

Design/methodology/approach

A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web services access control architecture is defined.

Findings

The architecture of an access control service of a web service provider consists of three components, namely an authorisation interface, an authorisation manager, and a trust manager. Access control and trust policies are selectively published according to the trust levels of web services requestors. A prototype highlights the incorporation of a trust level in the access control policy as a viable solution to the problem of web services access control, where decisions of an autonomous nature need to be made, based on information and evidence.

Research limitations/implications

The WSACT architecture addresses the selective publication of policies. The implementation of sophisticated policy‐processing points at each web service endpoint, to automatically negotiate about policies, is an important element needed to complement the architecture.

Practical implications

The WSACT access control architecture illustrates how access control decisions can be made autonomously by including a trust level of web services requestors in an access control policy.

Originality/value

The WSACT architecture incorporates the trust levels of web services requestors and the attributes of users into one model. This allows web services providers to grant advanced access to the users of trusted web services requestors, in contrast with the limited access that is given to users who make requests through web services requestors with whom a minimal level of trust has been established.

Details

Internet Research, vol. 17 no. 3
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 1 August 2006

D.W. Chadwick, A. Novikov and A. Otenko

Abstract

Purpose

The paper aims to describe the results of a recent GridShibPERMIS project whose purpose was to provide policy‐driven role‐based access control decision‐making to grid jobs, in which the user's attributes are provided by an external Shibboleth Identity Provider (IdP).

Design/methodology/approach

This was achieved by integrating the identity‐federation and attribute‐assignment functions of Shibboleth and the policy‐based enforcement functions of PERMIS with the Grid job management functions of Globus Toolkit v4.

Findings

Combining the three technologies proved to be relatively easy due to the Policy Information Point (PIP) and Policy Decision Point (PDP) Java interfaces recently introduced into Globus Toolkit v4.

Practical implications

However, a number of limitations in the current Grid‐Shib implementation were revealed, namely: the lack of support for pseudonymous access to grid resources; scalability problems because only one issuer scope domain is supported and because name mappings have to be provided for each grid user; and the inability to collect a user's attributes from multiple IdPs for use in authorisation decision‐making.

Originality/value

This paper provides an overview of and describes the benefits of the three technologies (GT4, Shibboleth and PERMIS), shows how they may be combined to good effect via GT4's Java interfaces, describes the limitations of the current GridShib implementation and suggests possible solutions and additional research that are needed in the future in order to address the current shortcomings.

Details

Campus-Wide Information Systems, vol. 23 no. 4
Type: Research Article
ISSN: 1065-0741

Open Access
Article
Publication date: 9 October 2023

Aya Khaled Youssef Sayed Mohamed, Dagmar Auer, Daniel Hofer and Josef Küng

Abstract

Purpose

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

Design/methodology/approach

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

Findings

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

Originality/value

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

Details

International Journal of Web Information Systems, vol. 20 no. 1
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 2 November 2015

Nancy Ambritta P, Poonam N. Railkar and Parikshit N. Mahalle

Abstract

Purpose

This paper aims at providing a comparative analysis of the existing protocols that address the security issues in the Future Internet (FI) and also to introduce a Collaborative Mutual Identity Establishment (CMIE) scheme which adopts the elliptical curve cryptography (ECC), to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as denial-of-service (DoS) and replay attack.

Design/methodology/approach

This paper provides a comparative analysis of the existing protocols that address the security issues in the FI and also provides a CMIE scheme, by adopting the ECC and digital signature verification mechanism, to address the issues, such as content integrity, mutual authentication, forward secrecy, auditability and resistance to attacks such as DoS and replay attack. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI. Further, the algorithm is evaluated against Automated Validation of Internet Security Protocols and Application (AVISPA) tool to verify the security solutions that the CMIE scheme has claimed to address to have been effectively achieved in reality.

Findings

The algorithm is evaluated against AVISPA tool to verify the security solutions that the CMIE scheme has claimed to address and proved to have been effectively achieved in reality. The proposed scheme enables the establishment of secured interactions between devices and entities of the FI.

Research limitations/implications

Considering the Internet of Things (IoT) scenario, another important aspect that is the device-to-location (D2L) aspect has not been considered in this protocol. Major focus of the protocol is centered around the device-to-device (D2D) and device-to-server (D2S) scenarios. Also, IoT basically works upon a confluence of hundreds of protocols that support the achievement of various factors in the IoT, for example Data Distribution Service, Message Queue Telemetry Transport, Extensible Messaging and Presence Protocol, Constrained Application Protocol (CoAP) and so on. Interoperability of the proposed CMIE algorithm with the existing protocols has to be considered to establish a complete model that fits the FI. Further, each request for mutual authentication requires a querying of the database and a computation at each of the participating entities’ side for verification which could take considerable amount of time. However, for applications that require firm authentication for maintaining and ensuring secure interactions between entities prior to access control and initiation of actual transfer of sensitive information, the negligible difference in computation time can be ignored for the greater benefit that comes with stronger security. Other factors such as quality of service (QoS) (i.e. flexibility of data delivery, resource usage and timing), key management and distribution also need to be considered. However, the user still has the responsibility to choose the required protocol that suits one’s application and serves the purpose.

Originality/value

The originality of the work lies in adopting the ECC and digital signature verification mechanism to develop a new scheme that ensures mutual authentication between participating entities in the FI based upon certain user information such as identities. ECC provides efficiency in terms of key size generated and security against man-in-the-middle attack. The proposed scheme provides secured interactions between devices/entities in the FI.

Details

International Journal of Pervasive Computing and Communications, vol. 11 no. 4
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 26 July 2021

Swagatika Sahoo, Arnab Mukherjee and Raju Halder

Abstract

Purpose

The rapid technological growth, changes in consumer demands, products’ built-in obsolescence, presence of more non-repairable parts, shorter lifespan, etc., lead to the generation of e-waste at an unprecedented rate. Although a number of research proposals and business products to manage e-waste exist in the literature, they lack in many aspects such as incomplete coverage of product’s life cycle, access control, payment channels (in few cases), incentive mechanisms, scalability issues, and missing experimental validation. The purpose of this paper is to introduce a novel blockchain-based e-waste management system aiming to mitigate the above-mentioned downsides and limitations of the existing proposals.

Design/methodology/approach

This paper proposes a robust and reliable e-waste management system by leveraging the power of blockchain technology, which captures the complete life cycle of e-products commencing from their manufacturing as new products to their disposal as e-waste and their recycling back into raw materials.

Findings

While the use of blockchain technology increases accountability, transparency and trust in the system, the proposal overcomes various challenges and limitations of the existing systems by providing seamless interactions among various agencies.

Originality/value

This paper presents a prototype implementation of the system as a proof-of-concept using Solidity on the Ethereum platform and this paper performs experimental evaluations to demonstrate its feasibility and effective performance in terms of execution gas cost and transaction throughput.

Details

International Journal of Web Information Systems, vol. 17 no. 5
Type: Research Article
ISSN: 1744-0084
