Search results
1 – 10 of over 3000Hamed Khiabani, Norbik Bashah Idris and Jamalul-lail Ab Manan
Ambient service provisioning with the least human participation in a pervasive computing environment, which is composed of interconnected devices and sensors, raises several trust…
Abstract
Purpose
Ambient service provisioning with the least human participation in a pervasive computing environment, which is composed of interconnected devices and sensors, raises several trust and security issues. Accurate measuring of the integrity of the nodes that are willing to interact in this intimate environment can boost the trust evolution process, particularly in the uncertainty state and initiation phase. The paper aims to discuss these issues.
Design/methodology/approach
The paper presents a unified approach in calculating the trust value among the nodes by leveraging some trusted computing functionalities. The approach aggregates different trust metrics like context, recommendation, and history to compute the trust index of each party more accurately. The paper also describes several existing remote attestation techniques including the chosen attestation technique for the model. The paper simulated the behaviour of the model in different scenarios and evaluates its responsiveness when the trustworthiness among peer nodes can be attested.
Findings
The results obtained from different simulated scenarios demonstrate the usefulness of the proposed model. It is shown that trust evaluation process in the proposed model is very granular and also can be fine-tuned according to the application and context. The model strength in solving the uncertain situations and assigning appropriate initial trust values is shown, as well. Finally, the paper describes the future research plan to evaluate the accuracy of the model.
Originality/value
The novel idea of applying remote attestation in trust determination may open up new avenues of research in the study of trust management and trust models.
Details
Keywords
Joe Garcia, Russell Shannon, Aaron Jacobson, William Mosca, Michael Burger and Roberto Maldonado
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software…
Abstract
Purpose
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software support activity (SSA), with said paradigm supporting strong traceability and provability concerning the SSA’s output product, known as an operational flight program (OFP). Through a secure development environment (SDE), each critical software development function performed on said OFP during its development has a corresponding record represented on a blockchain.
Design/methodology/approach
An SDE is implemented as a virtual machine or container incorporating software development tools that are modified to support blockchain transactions. Each critical software development function, e.g. editing, compiling, linking, generates a blockchain transaction message with associated information embedded in the output of a said function that, together, can be used to prove integrity and support traceability. An attestation process is used to provide proof that the toolchain containing SDE is not subject to unauthorized modification at the time said critical function is performed.
Findings
Blockchain methods are shown to be a viable approach for supporting exhaustive traceability and strong provability of development system integrity for mission-critical software produced by an NAE SSA for NAE embedded systems software.
Practical implications
A blockchain-based authentication approach that could be implemented at the OFP point-of-load would provide for fine-grain authentication of all OFP software components, with each component or module having its own proof-of-integrity (including the integrity of the used development tools) over its entire development history.
Originality/value
Many SSAs have established control procedures for development such as check-out/check-in. This does not prove the SSA output software is secure. For one thing, a build system does not necessarily enforce procedures in a way that is determinable from the output. Furthermore, the SSA toolchain itself could be attacked. The approach described in this paper enforces security policy and embeds information into the output of every development function that can be cross-referenced to blockchain transaction records for provability and traceability that only trusted tools, free from unauthorized modifications, are used in software development. A key original concept of this approach is that it treats assigned developer time as a transferable digital currency.
Details
Keywords
- Software development
- Blockchain
- Cybersecurity
- Operational flight program
- Secure development environment
- Secure virtual machine
- Zero trust
- Embedded systems
- Mission-critical systems
- OFP
- DevOps
- DevSecOps
- Software support activity
- SSA
- SDE
- Permissioned blockchain
- Cryptocurrency
- Time-limited authorization for developer action
- TADA
- Code signing
- Trusted software guard
- SGX
- Trusted eXecution technology
- TXT
- Trusted platform module
- Self-hosting
- Controlled access blockchain
- CABlock
- Role-based access control
- RBAC
Lamya Abdullah and Juan Quintero
The purpose of this study is to propose an approach to avoid having to trust a single entity in cloud-based applications. In cloud computing, data processing is delegated to a…
Abstract
Purpose
The purpose of this study is to propose an approach to avoid having to trust a single entity in cloud-based applications. In cloud computing, data processing is delegated to a remote party for efficiency and flexibility reasons. A practical user requirement usually is data privacy; hence, the confidentiality and integrity of data processing needs to be protected. In the common scenarios of cloud computing today, this can only be achieved by assuming that the remote party does not in any form act maliciously.
Design/methodology/approach
An approach that avoids having to trust a single entity is proposed. This approach is based on two concepts: the technical abstraction of sealed computation, i.e. a technical mechanism to confine a privacy-aware processing of data within a tamper-proof hardware container, and the role of an auditing party that itself cannot add functionality to the system but is able to check whether the system (including the mechanism for sealed computation) works as expected.
Findings
Discussion and analysis of the abstract, technical and procedural requirements of these concepts and how they can be applied in practice are explained.
Originality/value
A preliminary version of this paper was published in the proceedings of the second International Workshop on SECurity and Privacy Requirements Engineering (SECPRE, 2018).
Details
Keywords
Milica Milutinovic and Bart De Decker
The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize…
Abstract
Purpose
The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize adequate care to a growing number of individuals. As a way to provide efficient and cost-effective care, eHealth systems are gaining importance. However, this trend is creating new ethical concerns. Major issues are privacy and patients’ control over their data. To deploy these systems on a large scale, they need to offer strict privacy protection. Even though many research proposals focus on eHealth systems and related ethical requirements, there is an evident lack of practical solutions for protecting users’ personal information. The purpose of this study is to explore the ethical considerations related to these systems and extract the privacy requirements. This paper also aims to put forth a system design which ensures appropriate privacy protection.
Design/methodology/approach
This paper investigates the existing work in the area of eHealth systems and the related ethical considerations, which establish privacy as one of the main requirements. It lists the ethical requirements and data protection standards that a system needs to fulfil and uses them as a guideline for creating the proposed design.
Findings
Even though privacy is considered to be a paramount aspect of the eHealth systems, the existing proposals do not tackle this issue from the outset of the design. Consequently, introducing privacy at the final stages of the system deployment imposes significant limitations and the provided data protection is not always to the standards expected by the users.
Originality/value
This paper motivates the need for addressing ethical concerns in the eHealth domain with special focus on establishing strict privacy protection. It lists the privacy requirements and offers practical solutions for developing a privacy-friendly system and takes the approach of privacy-by-design. Additionally, the proposed design is evaluated against ethical principles as proposed in the existing literature. The aim is to show that technological advances can be used to improve quality and efficiency of care, while the usually raised concerns can be avoided.
Details
Keywords
Ado Adamou Abba Ari, Olga Kengni Ngangmo, Chafiq Titouna, Ousmane Thiare, Kolyang, Alidou Mohamadou and Abdelhak Mourad Gueroui
The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the…
Abstract
The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.
Details
Keywords
Yuvarani T. and Arunachalam A.R.
Generally, Internet-of-Things (IoT) is quite small sized with limited resource and low cost that may be vulnerable for physical and cloned attacking. All kind of authentication…
Abstract
Purpose
Generally, Internet-of-Things (IoT) is quite small sized with limited resource and low cost that may be vulnerable for physical and cloned attacking. All kind of authentication protocols designed to IoT devices are robust despite which it is prone to attack by hackers. In order to resolve this issue, there are various researches that have introduced the best method for obscuring the cryptographic key. However, the studies have majorly aimed to generate the key dynamically from noise data by Fuzzy Extractor (FE) or Fuzzy Commitment (FC). Hence, these methods have utilized this kind of data with noisy source namely Physical Unclonable Function (PUF) or biometric data. There are several IoT devices that get operated over undermined environment in which biometric data is not available but the technique utilized with biometric data can't be used to undermined IoT devices. Even though, the PUF technique is implemented for the undermined IoT devices this is quite vulnerable over physical attacks inclusive of accidental move and theft.
Design/methodology/approach
This paper has proposed an advanced scheme in fuzzy commitment over IoT devices which is said to be Improved Two Factor Fuzzy Commitment Scheme (ITFFCS) and this proposed ITFFCS has used two kind of noisy factors present inside and outside the IoT devices. Though, an intruder has accomplished the IoT devices with an access to the internal noisy source, the intruder can't select an exact key from the available data which have been compared using comparable module as an interest.
Findings
Moreover, the proposed ITFFC method results are compared with existing Static Random Accessible Memory (SRAM) PUF in enterprises application which illustrated the proposed ITFFC method with PUF has accomplished better results in parameters such as energy consumption, area utilization, False Acceptance Ratio (FAR) and Failure Rejection Ratio (FRR).
Originality/value
Thus, the proposed ITFFCS-PUF is comparatively better than existing method in both FAR and FRR with an average of 0.18% and 0.28%.
Details
Keywords
Reports on the 14th Annual Conference on Computers, Freedom and Privacy, held in Berkeley, California in April 2004. Outlines the themes of the papers presented in the 12 plenary…
Abstract
Reports on the 14th Annual Conference on Computers, Freedom and Privacy, held in Berkeley, California in April 2004. Outlines the themes of the papers presented in the 12 plenary sessions.
Details