scholarly journals A Challenge-Response Assisted Authorisation Scheme for Data Access in Permissioned Blockchains

Sensors ◽  
2020 ◽  
Vol 20 (17) ◽  
pp. 4681
Author(s):  
Xiaoshuai Zhang ◽  
Chao Liu ◽  
Kok Keong Chai ◽  
Stefan Poslad
Keyword(s):  
Private Information ◽  
Data Access ◽  
Right To Know ◽  
Computational Burden ◽  
Consensus Network ◽  
Privacy Leakage ◽  
Private Data ◽  
Permissioned Blockchains

Permissioned blockchains can be applied for sharing data among permitted users to authorise the data access requests in a permissioned blockchain. A consensus network constructed using pre-selected nodes should verify a data requester’s credentials to determine if he or she have the correct permissions to access the queried data. However, current studies do not consider how to protect users’ privacy for data authorisation if the pre-selected nodes become untrusted, e.g., the pre-selected nodes are manipulated by attackers. When a user’s credentials are exposed to pre-selected nodes in the consensus network during authorisation, the untrusted (or even malicious) pre-selected nodes may collect a user’s credentials and other private information without the user’s right to know. Therefore, the private data exposed to the consensus network should be tightly restricted. In this paper, we propose a challenge-response based authorisation scheme for permissioned blockchain networks named Challenge-Response Assisted Access Authorisation (CRA3) to protect users’ credentials during authorisation. In CRA3, the pre-selected nodes in the consensus network do not require users’ credentials to authorise data access requests to prevent privacy leakage when these nodes are compromised or manipulated by attackers. Furthermore, the computational burden on the consensus network for authorisation is reduced because the major computing work of the authorisation is executed by the data requester and provider in CRA3.

scholarly journals Efficient Private Conjunctive Query Protocol Over Encrypted Data

Cryptography ◽  
2021 ◽  
Vol 5 (1) ◽  
pp. 2
Author(s):  
Tushar Kanti Saha ◽  
Takeshi Koshiba
Keyword(s):  
Homomorphic Encryption ◽  
Data Access ◽  
Conjunctive Query ◽  
Conjunctive Queries ◽  
Private Data ◽  
Binary Format ◽  
Main Technique ◽  
Batch Technique ◽  
Outsourced Database ◽  
Packing Method

Conjunctive queries play a key role in retrieving data from a database. In a database, a query containing many conditions in its predicate, connected by an “and/&/∧” operator, is called a conjunctive query. Retrieving the outcome of a conjunctive query from thousands of records is a heavy computational task. Private data access to an outsourced database is required to keep the database secure from adversaries; thus, private conjunctive queries (PCQs) are indispensable. Cheon, Kim, and Kim (CKK) proposed a PCQ protocol using search-and-compute circuits in which they used somewhat homomorphic encryption (SwHE) for their protocol security. As their protocol is far from being able to be used practically, we propose a practical batch private conjunctive query (BPCQ) protocol by applying a batch technique for processing conjunctive queries over an outsourced database, in which both database and queries are encoded in binary format. As a main technique in our protocol, we develop a new data-packing method to pack many data into a single polynomial with the batch technique. We further enhance the performances of the binary-encoded BPCQ protocol by replacing the binary encoding with N-ary encoding. Finally, we compare the performance to assess the results obtained by the binary-encoded BPCQ protocol and the N-ary-encoded BPCQ protocol.

scholarly journals Limiting Privacy Breaches in Average-Distance Query

2020 ◽  
Vol 2020 ◽  
pp. 1-24
Author(s):  
Huihua Xia ◽  
Yan Xiong ◽  
Wenchao Huang ◽  
Zhaoyi Meng ◽  
Fuyou Miao
Keyword(s):  
Service Providers ◽  
Average Distance ◽  
Real Life ◽  
Privacy Preserving ◽  
Business Decision ◽  
Privacy Leakage ◽  
Private Data ◽  
New Type ◽  
Different Dimensions ◽  
Privacy Breaches

Querying average distances is useful for real-world applications such as business decision and medical diagnosis, as it can help a decision maker to better understand the users’ data in a database. However, privacy has been an increasing concern. People are now suffering serious privacy leakage from various kinds of sources, especially service providers who provide insufficient protection on user’s private data. In this paper, we discover a new type of attack in an average-distance query (AVGD query) with noisy results. The attack is general that it can be used to reveal private data of different dimensions. We theoretically analyze how different factors affect the accuracy of the attack and propose the privacy-preserving mechanism based on the analysis. We experiment on two real-life datasets to show the feasibility and severity of the attack. The results show that the severity of the attack is mainly influenced by the factors including the noise magnitude, the number of queries, and the number of users in each query. Also, we validate the correctness of our theoretical analysis by comparing with the experimental results and confirm the effectiveness of the privacy-preserving mechanism.

Adaptive multilevel fuzzy-based authentication framework to mitigate Cache side channel attack in cloud computing

2018 ◽  
Vol 09 (05) ◽  
pp. 1850045 ◽  
Author(s):  
Bharati Ainapure ◽  
Deven Shah ◽  
A. Ananda Rao
Keyword(s):  
Cloud Computing ◽  
Private Information ◽  
Privacy Preservation ◽  
Virtual Machines ◽  
Fuzzy Rule ◽  
Data Access ◽  
Side Channel ◽  
Side Channel Attack ◽  
Side Channel Attacks ◽  
Cloud Providers

Cloud computing supports multitenancy to satisfy the users’ demands for accessing resources and simultaneously it increases revenue for cloud providers. Cloud providers adapt multitenancy by virtualizing the resources, like CPU, network interfaces, peripherals, hard drives and memory using hypervisor to fulfill the demand. In a virtualized environment, many virtual machines (VMs) can run on the same core with the help of the hypervisor by sharing the resources. The VMs running on the same core are the target for the malicious or abnormal attacks like side channel attacks. Among various side channel attacks in cloud computing, cache-based side channel attack is one that leaks private information of the users based on the shared resources. Here, as the shared resource is the cache, a process can utilize the cache usage of another by cache contention. Cache sharing provides a way for the attackers to gain considerable information so that the key used for encryption can be inferred. Discovering this side channel attack is a challenging task. This requires identification of a feature that influences the attack. Even though there are various techniques available in the literature to mitigate such attacks, an effective solution to reduce the cache-based side channel attack is still an issue. Therefore, a novel fuzzy rule-based mechanism is integrated to detect the cache side channel attackers by monitoring the cache data access (CDA). The factor that determines the attack is CDA in a log file created by the framework during authorization. The proposed framework also utilizes certain security properties including ECC and hashing for the privacy preservation and the decision is made with the aid of a fuzzy logic system.

Studying Facebook and Instagram data: The Digital Footprints software

First Monday ◽  
2015 ◽  
Author(s):  
Anja Bechmann ◽  
Peter Bjerregaard Vahlstrup
Keyword(s):  
Data Extraction ◽  
Application Programming Interface ◽  
Data Access ◽  
Quality Data ◽  
Ethical Considerations ◽  
Private Data ◽  
User Data ◽  
Application Programming ◽  
Digital Footprints ◽  
Programming Interface

The aim of this article is to discuss methodological implications and challenges in different kinds of deep and big data studies of Facebook and Instagram through methods involving the use of Application Programming Interface (API) data. This article describes and discusses Digital Footprints (www.digitalfootprints.dk), a data extraction and analytics software that allows researchers to extract user data from Facebook and Instagram data sources; public streams as well as private data with user consent. Based on insights from the software design process and data driven studies the article argues for three main challenges: Data quality, data access and analysis, and legal and ethical considerations.

scholarly journals SPIN: A Blockchain-Based Framework for Sharing COVID-19 Pandemic Information across Nations

2021 ◽  
Vol 11 (18) ◽  
pp. 8767
Author(s):  
Yazeed Alabdulkarim ◽  
Abdulmajeed Alameer ◽  
Mohammed Almukaynizi ◽  
Abdulaziz Almaslukh
Keyword(s):  
Private Information ◽  
International Travel ◽  
Security And Privacy ◽  
Shopping Malls ◽  
Economic Activities ◽  
Prototype Implementation ◽  
Policies And Measures ◽  
Private Data ◽  
Public Data ◽  
Rapid Spread

The COVID-19 pandemic has caused many countries around the globe to put strict policies and measures in place in an attempt to control the rapid spread of the virus. These measures have affected economic activities and have impacted a broad range of businesses, such as international traveling, restaurants, and shopping malls. As COVID-19 vaccination efforts progress, countries are starting to relax international travel constraints and permit passengers from certain destinations to cross the border. Moreover, travelers from those destinations are likely required to provide certificates of vaccination results or negative COVID-19 tests before crossing the borders. Implementing these travel guidelines requires sharing information between countries, such as the number of COVID-19 cases and vaccination certificates for travelers. In this paper, we introduce SPIN, a framework leveraging a permissioned blockchain for sharing COVID-19 information between countries. This includes public data, such as the number of vaccinated people, and private data, such as vaccination certificates for individuals. Additionally, we employ cancelable fingerprint templates to authenticate private information about travelers. We analyze the framework from scalability, efficiency, security, and privacy perspectives. To validate our framework, we provide a prototype implementation using the Hyperledger Fabric platform.

scholarly journals Predicting the APT for Cyber Situation Comprehension in 5G-Enabled IoT Scenarios Based on Differentially Private Federated Learning

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Xiang Cheng ◽  
Qian Luo ◽  
Ye Pan ◽  
Zitong Li ◽  
Jiale Zhang ◽  
...  
Keyword(s):  
Prediction Method ◽  
Training Data ◽  
Communication Overhead ◽  
Growth Trend ◽  
Advanced Persistent Threat ◽  
Privacy Leakage ◽  
Private Data ◽  
Maximum Protection ◽  
Correlation Rules ◽  
Iot Devices

Driven by the advancements in 5G-enabled Internet of Things (IoT) technologies, the IoT devices have shown an explosive growth trend with massive data generated at the edge of the network. However, IoT systems exhibit inherent vulnerability for diverse attacks, and Advanced Persistent Threat (APT) is one of the most powerful attack models that could lead to a significant privacy leakage of systems. Moreover, recent detection technologies can hardly meet the demands of effective security defense against APTs. To address the above problems, we propose an APT Prediction Method based on Differentially Private Federated Learning (APTPMFL) to predict the probability of subsequent APT attacks occurring in IoT systems. It is the first time to apply a federated learning mechanism for aggregating suspicious activities in the IoT systems, where the APT prediction phase does not need any correlation rules. Moreover, to achieve privacy-preserving property, we further adopt a differentially private data perturbation mechanism to add the Laplacian random noises to the IoT device training data features, so as to achieve the maximum protection of privacy data. We also present a 5G-enabled edge computing-based framework to train and deploy the model, which can alleviate the computing and communication overhead of the typical IoT systems. Our evaluation results show that APTPMFL can efficiently predict subsequent APT behaviors in the IoT system accurately and efficiently.

scholarly journals Program Analysis For Database Injections

2017 ◽  
Vol 16 (6) ◽  
pp. 6977-6986
Author(s):  
Chelsea Ramsingh ◽  
Paolina Centonze
Keyword(s):  
Open Source ◽  
Private Information ◽  
Program Analysis ◽  
Query Language ◽  
Cyber Attacks ◽  
Test Cases ◽  
Sensitive Data ◽  
Sql Injection ◽  
Testing Tools ◽  
Private Data

Today businesses all around the world use databases in many different ways to store sensitive data. It is important that the data stored stay safe and does not get into the wrong hands. To perform data management in a database, the language SQL (Structured Query Language) can be used. It is extremely crucial to prevent these databases from being attacked to ensure the security of the users’ sensitive and private data. This journal will focus on the most common way hackers exploit data from databases through SQL injection, and it presents dynamic and static code testing to find and prevent these SQL cyber attacks by comparing two testing tools. It will also present a comparative analysis and static/dynamic code testing of two SQL injection detection tools. Burp Suite and Vega will be used to identify possible flaws in test cases dealing with users’ sensitive and private information. Currently, there are no comparisons of these two open-source tools to quantify the number of flaws these two tools are able to detect. Also, there are no detailed papers found fully testing the open-source Burp Suite and Vega for SQL Injection. These two open-source tools are commonly used but have not been tested enough. A static analyzer detecting SQL Injection will be used to test and compare the results of the dynamic analyzer. In addition, this paper will suggest techniques and methods to ensure the security of sensitive data from SQL injection. The prevention of SQL injection is imperative and it is crucial to secure the sensitive data from potential hackers who want to exploit it.

Flexible quantum protocol for nearest private query

2021 ◽  
pp. 2150023
Author(s):  
Aihan Yin ◽  
Ziliang Tan ◽  
Tong Chen ◽  
Weibin Lin ◽  
Qiutong Wu
Keyword(s):  
Quantum State ◽  
Private Information ◽  
Fault Tolerant ◽  
Key Distribution ◽  
Private Data ◽  
Database Size ◽  
Quantum Protocol

Nearest private query (NPQ) allows user to query which element in the database is the nearest to his private data without revealing any private information and this query is typically used for location query services. However, the previous NPQ protocol only involved the implementation of its functions and ignored the user’s private experience. In addition, the average number of key bits obtained by the user is only determined by the size of the database. In order to improve the flexibility and practicality of the protocol, we proposed a flexible protocol for nearest private query based on quantum oblivious key distribution (QOKD). The parameter [Formula: see text] was added to the prepared quantum state. The average number of the key bits Alice obtained can locate on any fixed value by adjusting the parameter [Formula: see text] whatever the database size was. In addition, our protocol is flexible and fault-tolerant.

scholarly journals 1657. Notes From the Field: A Survey of Mobile Device Usage Among Individuals in KwaZulu-Natal, South Africa

2019 ◽  
Vol 6 (Supplement_2) ◽  
pp. S606-S606
Author(s):  
Breanna R Campbell ◽  
Koeun Choi ◽  
Megan Gray ◽  
Chelsea Canan ◽  
Anthony Moll ◽  
...  
Keyword(s):  
South Africa ◽  
Health Information ◽  
Cell Phone ◽  
Data Access ◽  
People Living With Hiv ◽  
Medical Male Circumcision ◽  
Condomless Sex ◽  
Private Data ◽  
Kwazulu Natal ◽  
To Receive

Abstract Background mHealth (mobile health) is a promising tool to deliver healthcare interventions to underserved populations. Across low- and middle-income countries (LMIC), the prevalence of smartphones has risen to 42%. Effective mHealth deployment in LMIC requires an understanding of how LMIC populations use mobile technology. We characterized the use of mobile devices in rural KwaZulu-Natal, South Africa to tailor mHealth interventions for people living with HIV and at risk for acquiring HIV. Methods We surveyed participants in community settings and offered free HIV counseling and testing. Participants self-reported their gender, age, relationship status, living distance from preferred clinic, receipt of monthly grant, condomless sex frequency, and circumcision status (if male). Outcomes included cell phone and smartphone ownership, private data access, health information seeking, and willingness to receive healthcare messages. We performed multivariable logistic regression to assess the relationship between demographic factors and outcomes. Results Among 788 individuals surveyed, the median age was 28 (IQR 22–40) years, 75% were male, and 86% owned personal cell phones, of which 43% were smartphones. The majority (59%) reported having condomless sex and most (59%) males reported being circumcised. Although only 10% used the phone to seek health information, 93% of cell phone owners were willing to receive healthcare messages. Being young, female, and in a relationship were associated with cell phone ownership. Smartphone owners were more likely to be young and female, less likely to live 10–30 minutes from preferred clinic, and less likely to receive a monthly grant. Those reporting condomless sex or lack of circumcision were significantly less likely to have private data access. Conclusion Most participants were willing to receive healthcare messages via phone, indicating that mHealth interventions may be feasible in rural KwaZulu-Natal. Smartphone-based mHealth interventions specifically geared to prevent or support the care of HIV in young women in KwaZulu-Natal may be feasible. mHealth interventions encouraging condom use and medical male circumcision should consider the use of non-smartphone SMS and be attuned to mobile data limitations. Disclosures All authors: No reported disclosures.

CLAIM FOR COMPENSATION OF UTILIZING E-MAIL PERSONAL DATA UNDER ACT NO. 19 YEAR 2016 ABOUT THE ELECTRONIC TRANSACTION AND INFORMATION

2018 ◽  
Vol 2 (2) ◽  
pp. 158
Author(s):  
Zulfa Ul Hazanah ◽  
Putu Ari Sara Deviyanti ◽  
Descamvri Intan Zams Pettalolo ◽  
Merlyn Lucia ◽  
Terecia Wenas
Keyword(s):  
Private Information ◽  
Electronic Mail ◽  
Personal Data ◽  
Private Data ◽  
Information And Communication ◽  
Specific Regulation ◽  
E Mail ◽  
Private Right

<p>Personal data in electronic mail needs to be protected. Any collection and dissemination of personal data is classified into violation against individual’s privacy, as personal right involves the rights of determining, providing, or not providing personal data. Private data is a high-valued economy asset or commodity. This far, however, the protection on individual’s personal data in Indonesia is not set under a specific regulation, and thus evoking various issues against private right, in particular to personal data. The personal data discussed in this study is related to electronic one, especially electronic mail, and this refers to Act No. 19 Year 2016 about the Amendment of Act No. 11 Year 2008 about Electronic Transaction and Information. Nevertheless, it solely has restricted regulation on personal data, while the issue of utilizing individual’s personal data is increasing. This paper discusses the concept of personal data in terms of electronic mail along with the regulation of its utilization. The result shows that the concept of personal data in electronic mail is specifically extensive, involving the scope of private information and communication.</p>

Sign in / Sign up

Export Citation Format

Share Document