A cryptographic approach for secure client - server chat application using public key infrastructure (PKI)
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856750
Isil Karabey, Gamze Akman
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Nowadays, while the popularity of chat applications increases, this popularity brings some security problems with it. A variety of authentication mechanisms and encryption methods are suggested and applied between server and client to minimize the increasing security problems in literature and marketing companies. In this study, various security measures have been considered for instant messaging applications, a Java-based client-server chat application developed by Professor Dan Boneh [1] and his assistants from Stanford University has been made secure, and a secured chat application model which has three steps has been developed. In the first step, the server identifies itself to the certificate authority and a password authentication procedure is performed to identify the client to the server. The second step is called connection, and the client connects to the chat room via a ticket granting ticket (TGT) request in this step. In the third step, which is also called encrypted messaging, messages written by clients are sent to the server encrypted with the symmetric encryption method Advanced Encryption Standard (AES). Source code of this application is accessible to everyone from the reference [9].

Web security in the finance sector
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856707
Tiago Vieira, C. Serrão
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Nowadays, information security is an increasing concern in institutions and organizations. This concern is even greater in the finance sector, not only because of the financial amount involved but also because of clients' and organizations' private and sensitive information. As a way to test security in infrastructures, networks, deployed web applications and many other assets, organizations have been performing penetration testing (pentest), which simulates an attacker's behavior in a controlled environment in order to identify its vulnerabilities. This article focusses on the analysis of the results of security audits conducted on several financial web applications from one institution with the aid of automatic tools in order to assess their web applications' security level. To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more. As for penetration testing, organizations such as OWASP provide vulnerability and security information, a testing methodology, risk analysis and penetration testing tools.

Privacy Requirements for mobile e-Service in the Health Authority - Abu Dhabi (HAAD)
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856697
A. Khattak, Farkhund Iqbal, P. Hung, Jwo-Shiun Sun, Guan-Pu Pan, Jing-Jie Lin
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
The Health Authority - Abu Dhabi (HAAD) mobile e-Service is a smartphone or smart device installed with the HAAD mobile app. This connects to one or more e-services at the HAAD Cloud to facilitate healthcare services for the residents at the Emirate of Abu Dhabi in the United Arab Emirates (UAE). A mobile device in this context can be effectively considered Internet of Things (IoT), which can provide advanced online services to both healthcare provider and requestor under the control and monitor of the HAAD. Health information is among the most sensitive information of an individual that can be collected and shared. The information that needs to be protected in the healthcare sector is often referred to as Protected Health Information (PHI). Service providers with a good reputation for privacy protection will find it easier to build a trusted relationship with their users. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines a set of security and privacy rules to be followed by healthcare providers in the United States of America. The HIPAA standards are designed for protecting health information. This paper discusses related privacy requirements for Mobile e-Service at the HAAD in accordance with the HIPAA privacy requirements.

Structural improvements of chaotic PRNG implementations
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856754
Gabriele Spenger, J. Keller
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Chaotic functions have been announced in the literature as promising for implementing low complexity pseudo-random number generators (PRNGs) required e.g. for RFID security applications. They combine good theoretical statistical properties with a computationally simple algorithm. Unfortunately, actual implementations with finite number precision show a disappointing behavior compared to the mathematical theory. This results for example in comparably short cycles in the state space graph, which lead to a repetition of the generated pseudo random values after a small number of iterations. This paper presents a simple way to improve the state space structure of chaotic PRNGs by using a different parametrization of the chaotic function at certain iterations and hereby breaking out of these cycles. This approach reduces this aspect of the weakness of such implementations, which we demonstrate with several examples.

Private information retrieval and Searchable Encryption for privacy-preserving multi-client cloud auditing
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856690
Louis Tajan, D. Westhoff, Christian A. Reuter, Frederik Armknecht
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
In the work at hand, we combine a Private Information Retrieval (PIR) protocol with Somewhat Homomorphic Encryption (SHE) and use Searchable Encryption (SE) with the objective to provide security and confidentiality features for a third party cloud security audit. During the auditing process, a third party auditor will act on behalf of a cloud service user to validate the security requirements performed by a cloud service provider. Our concrete contribution consists of developing a PIR protocol which is proceeding directly on a log database of encrypted data and allowing to retrieve a sum or a product of multiple encrypted elements. Subsequently, we concretely apply our new form of PIR protocol to a cloud audit use case where searchable encryption is employed to allow additional confidentiality requirements to the privacy of the user. Exemplarily we are considering and evaluating an audit of client accesses to a controlled resource provided by a cloud service provider.

Machine learning classification model for Network based Intrusion Detection System
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856705
Sanjay Kumar, A. Viinikainen, T. Hämäläinen
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
With an enormous increase in the number of mobile users, mobile threats are also growing rapidly. Mobile malwares can lead to several cybersecurity threats i.e. stealing sensitive information, installing backdoors, ransomware attacks and sending premium SMSs etc. Previous studies have shown that due to the sophistication of threats and tailored techniques to avoid detection, not every antivirus system is capable of detecting advanced threats. However, an extra layer of security at the network side can protect users from these advanced threats by analyzing the traffic patterns. To detect these threats, this paper proposes and evaluates a Machine Learning (ML) based model for Network based Intrusion Detection Systems (NIDS). In this research, several supervised ML classifiers were built using data-sets containing labeled instances of network traffic features generated by several malicious and benign applications. The focus of this research is on Android based malwares due to its global share in mobile malware and popularity among users. Based on the evaluation results, the model was able to detect known and unknown threats with the accuracy of up to 99.4%. This ML model can also be integrated with traditional intrusion detection systems in order to detect advanced threats and reduce false positives.

Privacy-sensitive data in connected cars
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856736
T. Nawrath, D. Fischer, B. Markscheffel
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Our research work presents findings from literature review and expert interviews with more detailed knowledge of privacy-sensitive data in connected cars. At first we explore which privacy-sensitive data are collected in cars and how they are collected. Then we describe who receives the data, for what purposes and how car users can determine if their privacy-sensitive data are being collected and used. Furthermore, we analyze exemplary security measures for privacy-sensitive data in connected cars and consider which threats can be prevented or mitigated by these measures. Examples of measures to improve the transparency and security of privacy-sensitive data in connected cars are presented.

Compressive Sensing encryption modes and their security
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856681
Robin M. Fay, C. Ruland
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Compressed Sensing may offer confidentiality with a good level of security that comes at limited extra costs. By this means, encryption can be added right into the sampling process. Previous proposals of Compressive Sensing encryption schemes are based on the randomness introduced by the sensing matrix. Once the matrix is fixed, the encryption becomes deterministic and therefore it can hardly be secure when encrypting more than a single signal. The work presented in this paper is built on the theoretical results on the secrecy of one-time Compressive Sensing encryption, and it proposes practical realizations, which extend this kind of encryption so that multiple signals may be encrypted under a single key. The confidentiality of the signal is thereby solely given by the inherent secrecy of the compressed measurements. In contrast to recent suggestions, the modes of operation defined in this paper are able to encrypt signals with different energy without exposing the signals' energy to an eavesdropper. A general design for Compressive Sensing encryption modes is presented along with two realizations: one designed for parallel processing and another one that is self-synchronizing. The secrecy of the proposed modes is reduced to the secrecy of known and trusted cryptographic primitives. Compressive Sensing encryption modes are useful in a wide range of practical applications by providing a joint end-to-end encryption and compression that starts at the sensor level.

Performance study of the index structures in audited environment
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856753
Michal Kvet, Monika Vajsová
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Development in information systems has brought the need for universal access to data stored in computer systems using the database approach. It should ensure quality, reliability and performance, with emphasis on the rising data amount. The first part of the paper deals with the index structure definition and index access methods, which delimit the access type. However, another significant factor is data security. The second part of the paper deals with the audit as one element of complex activities. Standard database auditing does not influence the defined index, but can generate too much data regardless of the query type. Fine-grained auditing is a new opportunity based on attribute granularity. The experiment section highlights limitations of index access methods when adding a new audit policy. As we can see, a new audit characteristic definition can significantly degrade performance due to adding new conditions to the query, resulting in sequential table data processing.

Sharing in the rain: Secure and efficient data sharing for the Cloud
Pub Date: 2016-12-01, DOI: 10.1109/ICITST.2016.7856693
A. Michalas
In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain - a protocol that allows cloud users to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.