Adaptive Threshold Scheme for Touchscreen Gesture Continuous Authentication Using Sensor Trust
Pub Date: 2017-09-07 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.284 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Max Smith-Creasey, M. Rajarajan
In this study we produce a continuous authentication scheme for mobile devices that adjusts an adaptive threshold for touchscreen interactions based on trust in passively collected sensor data. Our framework unobtrusively compares real-time sensor data of a user to historic data and adjusts a trust parameter based on the similarity. We show that the trust parameter can be used to adjust an adaptive threshold in continuous authentication schemes. The framework passively models temporal, spatial and activity scenarios using sensor data such as location, surrounding devices, wi-fi networks, ambient noise, movements, user activity, ambient light, proximity to objects and atmospheric pressure from study participants. Deviations from the models increase the level of threat the device perceives from the scenario. We also model the user touchscreen interactions. The touchscreen interactions are authenticated against a threshold that is continually adjusted based on the perceived trust. This scheme provides greater nuance between security and usability, enabling more refined decisions. We present our novel framework and threshold adjustment criteria and validate our framework on two state-of-the-art sensor datasets. Our framework more than halves the false acceptance and false rejection rates of a static threshold system.
Volkswagen Car Entertainment System Forensics
Pub Date: 2017-08-04 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.302 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Daniel Jacobs, Kim-Kwang Raymond Choo, Mohand Tahar Kechadi, Nhien-An Le-Khac
Vehicles are fast becoming another important source of digital evidence in a criminal investigation. Traditionally, when a vehicle is involved in a crime scene (e.g. drink driving), the investigators focus on the acquisition of DNA, fingerprints and other identifying materials, usually non-digital in nature. However, modern day cars, particularly smart or driverless cars, store a wealth of digital information, such as recent destinations, favorite locations, routes, personal data such as call logs, contact lists, SMS messages, pictures, and videos. In this paper, we describe some challenges associated with vehicle data forensics, an understudied area. Next, we present our case study on forensic acquisition and data analysis of an entertainment system on a Volkswagen car.
(p, N)-identifiability: Anonymity under Practical Adversaries
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.343 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Tomoaki Mimoto, S. Kiyomoto, Katsuya Tanaka, A. Miyaji
Personal data has great potential for building an efficient and sustainable society; thus several privacy preserving techniques have been proposed to solve the essential issue of maintaining privacy in the use of personal data. Anonymization techniques are promising techniques applicable to huge-size personal data in order to reduce its re-identification risk. However, there is a trade-off between the utility of anonymized datasets and the risk of re-identification of individuals from the anonymized dataset, and so far no perfect solution has been provided. In previous studies, ideal adversaries in possession of all records of an original dataset have been considered in risk analyses, because an anonymized dataset is assumed to be publicly accessible, and once the record of a target is re-identified, privacy breaches are serious and may be uncontrollable. However, anonymized datasets are assumed to be distributed between organizations via secure channels in typical business situations. In this paper, we consider the actual risk to anonymized datasets and propose an analysis method that yields more stringent risk estimation in real settings with real adversaries. Furthermore, we present some experimental results using medical records. Our method is practical and useful for anonymized datasets generated by common anonymization methods such as generalization, noise addition and sampling, and can lead to the generation of more useful anonymized datasets.
Distributed Configuration, Authorization and Management in the Cloud-Based Internet of Things
Pub Date: 2017-08-01 DOI: 10.1109/TRUSTCOM/BIGDATASE/ICESS.2017.236 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Martin Henze, Benedikt Wolters, Roman Matzutt, T. Zimmermann, Klaus Wehrle
Network-based deployments within the Internet of Things increasingly rely on the cloud-controlled federation of individual networks to configure, authorize, and manage devices across network borders. While this approach allows the convenient and reliable interconnection of networks, it raises severe security and safety concerns. These concerns range from a curious cloud provider accessing confidential data to a malicious cloud provider being able to physically control safety-critical devices. To overcome these concerns, we present D-CAM, which enables secure and distributed configuration, authorization, and management across network borders in the cloud-based Internet of Things. With D-CAM, we constrain the cloud to act as highly available and scalable storage for control messages. Consequently, we achieve reliable network control across network borders and strong security guarantees. Our evaluation confirms that D-CAM adds only a modest overhead and can scale to large networks.
Privacy-Preserving Aggregation of Smart Metering via Transformation and Encryption
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.273 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Lingjuan Lyu, Yee Wei Law, Jiong Jin, M. Palaniswami
This paper proposes a novel privacy-preserving smart metering system for aggregating distributed smart meter data. It addresses two important challenges: (i) individual users wish to publish sensitive smart metering data for specific purposes, and (ii) an untrusted aggregator aims to make queries on the aggregate data. We handle these challenges using two main techniques. First, we propose Fourier Perturbation Algorithm (FPA) and Wavelet Perturbation Algorithm (WPA) which utilize Fourier/Wavelet transformation and distributed differential privacy (DDP) to provide privacy for the released statistic with provable sensitivity and error bounds. Second, we leverage an exponential ElGamal encryption mechanism to enable secure communications between the users and the untrusted aggregator. Standard differential privacy techniques perform poorly for time-series data as they result in Θ(n) noise to answer n queries, rendering the answers practically useless if n is large. Our proposed distributed differential privacy mechanism relies on Gaussian principles to generate distributed noise, which guarantees differential privacy for each user with O(1) error, and provides computational simplicity and scalability. Compared with Gaussian Perturbation Algorithm (GPA) which adds distributed Gaussian noise to the original data, the experimental results demonstrate the superiority of the proposed FPA and WPA by adding noise to the transformed coefficients.
Sequential and Unsupervised Document Authorial Clustering Based on Hidden Markov Model
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.261 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Khaled Aldebei, Helia Farhood, W. Jia, P. Nanda, Xiangjian He
Document clustering groups documents of certain similar characteristics in one cluster. Document clustering has shown advantages on organization, retrieval, navigation and summarization of a huge amount of text documents on the Internet. This paper presents a novel, unsupervised approach for clustering single-author documents into groups based on authorship. The key novelty is that we propose to extract contextual correlations to depict the writing style hidden among sentences of each document for clustering the documents. For this purpose, we build a Hidden Markov Model (HMM) for representing the relations of sequential sentences, and a two-level, unsupervised framework is constructed. Our proposed approach is evaluated on four benchmark datasets, widely used for document authorship analysis. A scientific paper is also used to demonstrate the performance of the approach on clustering short segments of a text into authorial components. Experimental results show that the proposed approach outperforms the state-of-the-art approaches.
Evaluation and Improvement of Pseudo-Random Number Generator for EPC Gen2
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.305 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Hiroshi Nomaguchi, A. Miyaji, Chunhua Su
RFID-enabled applications are ubiquitous in our society and are becoming more and more important as IoT management rises. Meanwhile, the concern of security and privacy of RFID is also increasing. The pseudo-random number generator is one of the core primitives to implement RFID security. Therefore, it is necessary to design and implement a secure and robust pseudo-random number generator (PRNG) for current RFID tags. In this paper, we study the security of light-weight PRNGs for the EPC Gen2 RFID tag, which is an EPC Global standard. Based on our analysis, we propose a new scheme which outperforms the existing PRNGs for the EPC Gen2 RFID tag. We build our PRNG with a combination of NLFSR and DLFSR, and achieve more efficiency and security. We also show that our proposed PRNG has good randomness and passed the NIST randomness test. We also show that it is resistant to identification attacks and GD attacks.
Queuing Theory-Guided Performance Evaluation for a Reconfigurable High-Speed Device Interconnected Bus
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.320 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
Weiwen Chen, Keni Qiu, Jiqin Zhou, Yuanhui Ni, Yuanchao Xu
UM-BUS, a reconfigurable high-speed device-interconnected bus also characterized by dynamic fault tolerance and remote access, has been proposed to enable lightweight sensor system design in IoTs. Performance prediction is a key step to build an idea of the worst or best cases before real-world deployment of UM-BUS-based systems. This paper proposes a queuing theory-guided analytic model which allows us to obtain an approximation for the average packet delay as well as exact upper and lower bounds. A set of experiments based on MATLAB simulation are conducted to do performance evaluation. Finally, design insights are given for pragmatic implementation.
Towards Cross-Domain eID by Using Agile Mobile Authentication
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.286 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
T. Lenz, Lukas Alber
Identification and authentication are essential processes in various areas of applications. While these processes are widely described and examined in respect to Web applications that are used on personal computers, the situation is more demanding on smart or mobile devices, because these devices provide other interfaces and have a different user behavior. Additionally, the smart or mobile technology sector has a continuous enhancement that results in no stable technology over the years. Consequently, a new usable, agile, and secure method becomes necessary to bring identification and secure authentication on smart or mobile platforms. In this paper, we propose a new agile mobile authentication process that closes the gap between different devices and service types. This proposed authentication process uses already existing technologies for mobile or smart devices to use these devices for identification and authentication directly. We illustrate the practical applicability of our agile mobile authentication for cross-domain eID by implementing all needed components for the Austria eGovernment infrastructure. Finally, we evaluate the implemented components during a first pilot time of 4 months.
Access Control Policy Combination from Similarity Analysis for Secure Privacy-Preserved EHR Systems
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.262 Venue: 2017 IEEE Trustcom/BigDataSE/ICESS
F. Rezaeibagha, Y. Mu
In distributed systems, there is often a need to combine the heterogeneous access control policies to offer more comprehensive services to users at the local or national level. A large scale healthcare system is usually distributed in a computer network and might require sophisticated access control policies to protect the system. Therefore, the need for integrating the electronic healthcare systems might be important to provide a comprehensive care for patients while preserving patients' privacy and data security. However, there are major impediments in healthcare systems concerning not well-defined and flexible access control policy implementations, hindering the progress towards secure integrated systems. In this paper, we introduce an access control policy combination framework for EHR systems that preserves patients' privacy and ensures data security. We achieve our goal through an access control mechanism which handles multiple access control policies through a similarity analysis phase. In that phase, we evaluate different XACML policies to decide whether or not a policy combination is applicable. We have provided a case study to show the applicability of our proposed approach based on XACML. Our study results can be applied to the electronic health record (EHR) access control policy, which fosters interoperability and scalability among healthcare providers while preserving patients' privacy and data security.