PURA-SCIS Protocol: A Novel Solution for Cloud-Based Information Sharing Protection for Sectoral Organizations

Over recent years, the incidence of data breaches and cyberattacks has increased significantly. This has highlighted the need for sectoral organizations to share information about such events so that lessons can be learned to mitigate the prevalence and severity of cyber incidents against other organizations. Sectoral organizations embody a governance relationship between cross-sector public and private entities, called public-private partnerships (PPPs). However, organizations are hesitant to share such information due to a lack of trust and business-critical confidentially issues. This problem occurs because of the absence of any protocols that guarantee privacy protection and protect sensitive information. To address this issue, this paper proposes a novel protocol, Putra-Ramli Secure Cyber-incident Information Sharing (PURA-SCIS), to secure cyber incident information sharing. PURA-SCIS has been designed to offer exceptional data and privacy protection and run on the cloud services of sectoral organizations. The relationship between organizations in PURA-SCIS is symmetrical, where the entities must collectively maintain the security of classified cyber incident information. Furthermore, the organizations must be legitimate entities in the PURA-SCIS protocol. The Scyther tool was used for protocol verification in PURA-SCIS. The experimental results showed that the proposed PURA-SCIS protocol provided good security properties, including public verifiability for all entities, blockless verification, data privacy preservation, identity privacy preservation and traceability, and private information sharing. PURA-SCIS also provided a high degree of confidentiality to protect the security and integrity of cyber-incident-related information exchanged among sectoral organizations via cloud services.

Publicly Verifiable M + 1st-Price Auction Fit for IoT with Minimum Storage

In an M + 1 st-price auction, all bidders submit their bids simultaneously, and the M highest bidders purchase M identical goods at the M + 1 st bidding price. Previous research is constructed based on trusted managers such as a trusted third party (TTP), trusted mix servers, and honest managers. All of the previous auctions are not fit for edge-assisted IoT since they need TTP. In this paper, we formalize a notion of commutative bi-homomorphic multiparty encryption and achieve no-TTP M + 1 -st auction based on blockchain with public verifiability. Our M + 1 st auction guarantees financial fairness, robustness, and correctness without TTP and is secure under a malicious model for the first time. Our M + 1 st auction can be executed over a distributed network and is thus fit for edge-assisted IoT. Furthermore, our formalized commutative bi-homomorphic multiparty encryption can be used in various applications for edge-assisted IoT, which needs to protect privacy and correctness.

Securing Wireless Body Area Network with Efficient Secure Channel Free and Anonymous Certificateless Signcryption

In the last few years, the wireless body area network (WBAN) has emerged as an appealing and viable option in the e-health application domain. WBAN technology is primarily used to offer continuous screening of health data to patients, independent of their location, time, or activity. A WBAN, on the other hand, is vulnerable to different cyberattacks due to the openness of the wireless environment and the privacy of people’s physiological data. A highly efficient and secure cryptographic scheme that can fulfill the needs of resource-constrained WBAN sensors and devices is considered necessary. First, we take a look at the most up-to-date security solutions for WBANs. Then, we go through some of the underlying concerns and challenges with WBAN security. We propose a new framework called secure channel free certificateless signcryption scheme for WBANs based on a hyperelliptic curve that can meet security requirements such as confidentiality, anonymity, integrity, resistance against unauthorized users, unforgeability, public verifiability, forward secrecy, and antireplay attack, all of which can be achieved with low computation and communication costs. The computation cost of the proposed scheme is 3.36 ms, which is much better than its counterpart schemes.

A Traceable Online Will System Based on Blockchain and Smart Contract Technology

In recent years, with the rapid levels of economic development, there have been more and more problems in property inheritance and distribution. In today’s society, people still have many taboos when writing a will. Writing a will not only involves various laws and regulations but also costs a lot of money and time, which can be daunting. However, with the development of the Internet, blockchain technology has gradually been applied to many applications. Blockchain technology uses consensus algorithms to ensure consistency and records transaction information in blocks to ensure the effectiveness of transactions. In this paper, we use the cryptography mechanism to propose an online will system based on blockchain and smart contract technology. The architecture considers effectiveness and cost reduction. By combining this with blockchain technology, will assets are saved in blocks, which provides comprehensive will security and non-tamperable security protection. In addition, combined with a smart contract, it realizes the method of automatic property distribution. At the same time, this mechanism also proposes an arbitration solution when there are disputes over wills, and ensures the integrity of data, public verifiability, unforgeability, nonrepudiation, irreversibility of information, and the ability to resist counterfeiting attacks.

Privacy preserved secured outsourced cloud data access control scheme with efficient multi-authority attribute based signcryption

Privacy preserved outsourced data access control is a hard task under the control of third–party storage server. To overcome obstacles in the third party based scenario, Attribute-based signcryption system with bilinear pairing tool is one of the most suitable methods in cloud. It maintains the basic features of security like, authenticity, confidentiality, public verifiability, owner privacy, etc. Although, this method has some challenges like a centralized authority used for user secret key generation for de-signcryption operation, and lack in competent attribute revocation. To overcome the issues, we have proposed a scheme of attribute revocable privacy preserved outsourced based data access control mechanism using Attribute-based signcryption. The proposed method allows multi-authorities for assigning both attribute and secret keys for users along with trusted certified authority, which provides security parameters. The analysis of the proposed method shows less computation cost in decryption and authentication verification. The almost same performance and efficiency is found while comparing with the existing schemes after adding new features.

An hyper elliptic curve based efficient signcryption scheme for user authentication

With ever growing popularity, wireless communication system also vulnerable to various security attacks. To provide high level security, many cryptographic solutions have been proposed. One such solution is signcryption, where authenticity and confidentiality provided by single logical step. Therefore, signcryption scheme helps to reduce computational cost, but it is not feasible for resource constraint environments. Because, most of the existing approaches were based on El-Gamal, bilinear pairing, Rivest-Shamir-Adleman (RSA), and Elliptic curve Cryptography (ECC). They consume more energy due to their increased key size. Hence, the new signcryption approach is proposed based on Hyper Elliptic Curve Cryptosystem (HECC) whose key size is much lesser than ECC. It significantly reduces the cost of computation and communication overhead by half the amount of ECC which suits well for resource constraint environments. Further, the proposed scheme attains necessary security features along with forward secrecy and public verifiability. On the other hand, the security of the approach is validated through an automated protocol validation tool – AVISPA.