Articles
Journal of Information Security and Applications (22142126) 89
The widespread availability of DNA sequencing technology has led to the genetic sequences of individuals becoming accessible data, creating opportunities to identify the genetic factors underlying various diseases. In particular, Genome-Wide Association Studies (GWAS) seek to identify Single Nucleotide Polymorphism (SNPs) associated with a specific phenotype. Although sharing such data offers valuable insights, it poses a significant challenge due to both privacy concerns and the large size of the data involved. To address these challenges, in this paper, we propose a novel framework that combines both federated learning and blockchain as a platform for conducting GWAS studies with the participation of single individuals. The proposed framework offers a mutually beneficial solution where individuals participating in the GWAS study receive insurance credit to avail medical services while research and treatment centers benefit from the study data. To safeguard model parameters and prevent inference attacks, a secure aggregation protocol has been developed. The evaluation results demonstrate the scalability and efficiency of the proposed framework in terms of runtime and communication, outperforming existing solutions. © 2025
Expert Systems with Applications (09574174) 262
Generative Adversarial Networks (GANs) do not ensure the privacy of the training datasets and may memorize sensitive details. To maintain privacy of data during inference, various privacy-preserving GAN mechanisms have been proposed. Despite the different approaches and their characteristics, advantages, and disadvantages, there is a lack of a systematic review on them. This paper first presents a comprehensive survey on privacy-preserving mechanisms and offers a taxonomy based on their characteristics. The survey reveals that many of these mechanisms modify the GAN learning algorithm to enhance privacy, highlighting the need for theoretical and empirical analysis of the impact of these modifications on GAN convergence. Among the surveyed methods, ADAM-DPGAN is a promising approach that ensures differential privacy in GANs for both the discriminator and the generator networks when using the ADAM optimizer, by introducing appropriate noise based on the global sensitivity of discriminator parameters. Therefore, this paper conducts a theoretical and empirical analysis of the convergence of ADAM-DPGAN. In the presented theoretical analysis, assuming that simultaneous/alternating gradient descent method with ADAM optimizer converges locally to a fixed point and its operator is L-Lipschitz with L < 1, the effect of ADAM-DPGAN-based noise disturbance on local convergence is investigated and an upper bound for the convergence rate is provided. The analysis highlights the significant impact of differential privacy parameters, the number of training iterations, the discriminator's learning rate, and the ADAM hyper-parameters on the convergence rate. The theoretical analysis is further validated through empirical analysis. Both theoretical and empirical analyses reveal that a stronger privacy guarantee leads to a slower convergence, highlighting the trade-off between privacy and performance. 
The findings also indicate that there exists an optimal value for the number of training iterations regarding the privacy needs. The optimal settings for each parameter are calculated and outlined in the paper. © 2024 Elsevier Ltd
Journal of Supercomputing (15730484) 81(1)
With the fast development of cloud computing, clients without enough computational power can widely outsource their heavy computations to cloud service providers. One of the most widely used and costly operations in cryptographic protocols is modular exponentiation, which can be computed at a lower cost by enjoying advantages of cloud computing, however, at the same time we need to address new challenges such as data privacy and verification of results. In this paper, first, we propose a secure outsourcing of single modular exponentiation protocol with verifiability one. Although the proposed single exponentiation scheme has the same verifiability as Ren’2018, but our scheme requires one less modular multiplication. However, the main contribution of this paper is proposing a scheme for outsourcing of multiplications of several modular exponentiations, hereafter called as composite exponentiation, which to the best of our knowledge, and is the first outsourcing scheme with full verification for composite exponentiation. As the evaluation results show, the advantages of this scheme, in comparison with state of the art schemes, are evident in terms of performance and verifiability criteria. © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2024.
Annales des Telecommunications/Annals of Telecommunications (00034347) 79(11-12)pp. 833-842
Internet of Things (IoT) has revolutionized data manipulation across various applications, particularly in online healthcare paradigm, where medical data are collected and processed for remote monitoring and analysis. To improve the privacy and security of such sensitive healthcare data, the attribute-based encryption (ABE) with non-monotonic access policies has recently provided a fine-grained access control within cloud and IoT-based healthcare ecosystems. Specifically, the adoption of multi-authority ABE with untrusted authorities has eliminated the need for a trusted authority. However, ensuring the privacy of user’s identity and attribute sets from these untrusted authorities remains a significant challenge in this context. To address this challenge, this paper introduces an enhanced multi-authority ABE approach, incorporating a robust attribute revocation mechanism. This enhancement safeguards user’s identity and attribute-set privacy while remaining resilient against collusion attacks and ensuring backward secrecy. Moreover, the proposed approach provides non-monotonic access policies, which supports positive and negative constraints using NOT operation as well as AND and OR operations. © Institut Mines-Télécom and Springer Nature Switzerland AG 2024.
The high ability of generative models to generate synthetic samples with distribution similar to real data samples brings many benefits in various applications. However, one of the most major elements in the success of generative models is the data that is used to train these models, and preserving privacy of this data is necessary. However, various studies have shown that the high capacity of generative models leads to memorizing the details of the training data by these models, and different attacks have been conducted against generative models which infer information about training data from trained model. Also, many privacy-preserving mechanisms have been proposed to defend against these attacks. In this chapter, after introducing the topic, the privacy attacks against generative models and relevant defense mechanisms are discussed. In particular, the privacy attacks and related privacy preserving methods are categorized and discussed. Then, some challenges and future research directions are examined. © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
Applied Intelligence (0924669X) 53(9)pp. 11142-11161
Privacy preserving data release is a major concern of many data mining applications. Using Generative Adversarial Networks (GANs) to generate an unlimited number of synthetic samples is a popular replacement for data sharing. However, GAN models are known to implicitly memorize details of sensitive data used for training. To this end, this paper proposes ADAM-DPGAN, which guarantees differential privacy of training data for GAN models. ADAM-DPGAN specifies the maximum effect of each sensitive training record on the model parameters at each step of the learning procedure when the Adam optimizer is used, and adds appropriate noise to the parameters during the training procedure. ADAM-DPGAN leverages Rényi differential privacy account to track the spent privacy budgets. In contrast to prior work, by accurately determining the effect of each training record, this method can distort parameters more precisely and generate higher quality outputs while preserving the convergence properties of GAN counterparts without privacy leakage as proved. Through experimental evaluations on different image datasets, the ADAM-DPGAN is compared to previous methods and the superiority of the ADAM-DPGAN over the previous methods is demonstrated in terms of visual quality, realism and diversity of generated samples, convergence of training, and resistance to membership inference attacks. © 2022, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
ISeCure (20083076) 15(2)pp. 139-153
Using generative models to produce unlimited synthetic samples is a popular replacement for database sharing. Generative Adversarial Network (GAN) is a popular class of generative models which generates synthetic data samples very similar to real training datasets. However, GAN models do not necessarily guarantee training privacy as these models may memorize details of training data samples. When these models are built using sensitive data, the developers should ensure that the training dataset is appropriately protected against privacy leakage. Hence, quantifying the privacy risk of these models is essential. To this end, this paper focuses on evaluating the privacy risk of publishing the generator network of GAN models. Specially, we conduct a novel generator white-box membership inference attack against GAN models that exploits accessible information about the victim model, i.e., the generator’s weights and synthetic samples, to conduct the attack. In the proposed attack, an auto-encoder is trained to determine member and non-member training records. This attack is applied to various kinds of GANs. We evaluate our attack accuracy with respect to various model types and training configurations. The results demonstrate the superior performance of the proposed attack on non-private GANs compared to previous attacks in white-box generator access. The accuracy of the proposed attack is 19% higher on average than similar work. The proposed attack, like previous attacks, has better performance for victim models that are trained with small training sets. © 2020 ISC. All rights reserved.
ISeCure (20083076) 15(1)pp. 17-26
Steganography is a solution for covert communication, and blockchain is a p2p network for data transmission, so the benefits of blockchain can be used in steganography. In this paper, we discuss the advantages of blockchain in steganography, which include the ability to embed hidden data without a manual change in the original data and the readiness of the blockchain platform for data transmission and storage. By reviewing the previous four steganography schemes in blockchain, we have examined their drawback and shown that most of them are non-practical schemes for steganography in the blockchain. We have proposed two algorithms for steganography in blockchain, the first one is a high-capacity algorithm for the key and the steganography algorithm exchange and switching, and the second is a medium-capacity algorithm for embedding hidden data. The proposed method is a general method for steganography in each blockchain, and we investigate how it can be implemented in the two most popular blockchains, Bitcoin and Ethereum. Experimental result shows the efficiency and practicality of the proposed method in terms of execution time, latency, and steganography fee. Finally, we have explained the challenges of steganography in blockchain from the steganographers’ and steganalyzers’ points of view. © 2020 ISC. All rights reserved.
Expert Systems with Applications (09574174) 224
Generative Adversarial Networks (GANs) are known to implicitly memorize details of sensitive data used to train them. To prevent privacy leakage, many approaches have been conducted. One of the most popular approaches is Differential Private Gradient Descent GANs (DPGD GANs), where the discriminator's gradients are clipped, and an appropriate random noise is added to the clipped gradients. In this article, a theoretical analysis of DPGD GAN convergence behavior is presented, and the effect of the clipping and noise perturbation operators on convergence properties is examined. It is proved that if the clipping bound is too small, it leads to instability in the training procedure. Then, assuming that the simultaneous/alternating gradient descent method is locally convergent to a fixed point and its operator is L-Lipschitz with L<1, the effect of noise perturbation on the last-iterate convergence rate is analyzed. Also, we show that parameters such as the privacy budget, the confidence parameter, the total number of training records, the clipping bound, the number of training iterations, and the learning rate, affect the convergence behavior of DPGD GANs. Furthermore, we confirm the effectiveness of these parameters on the convergence behavior of DPGD GANs through experimental evaluations. © 2023 Elsevier Ltd
IEEE Transactions on Cloud Computing (21687161) 11(3)pp. 2459-2472
With the advent of Cloud-storages, secure sharing of encrypted data with fine-grained access control has become an important challenge. To enforce fine-grained access rights on encrypted data to different users, Attribute-Base Encryption (ABE) is a promising cryptographic tool. But in many situations, some pirate users sell their access privileges for monetary gain. Hence, an efficient Black-Box Traitor Tracing (BB-TT) system is vital to address the corresponding Pirate Decoders (PDs). But, in the existing BB-TTs, the tracing complexity is directly related to the maximum number of users in the system. This article proposes an ABE-based access control system that provides a new Relaxed BB-TT. Our Relaxed BB-TT addresses the complexity problem by exploring the pirate user with an optimal number of decryption queries on the PD. The optimal number of queries leads to the exciting capability of traceability of stateful decoders (i.e., the decoder that can save the states among the Tracer's queries). Finally, our system provides White-Box traceability and reduces the amount of trust in the authorities. We give formal security proofs and extensive experimental results on different classes of mobile devices, including a laptop and a smartphone. © 2013 IEEE.
Attribute-Based Encryption (ABE) with non-monotonic access policies provides fine-grained access control for widespread applications like Cloud-assisted HealthIoT systems. In this context, multi-authority ABE with untrusted authorities eliminates the need for a trusted authority, but ensuring user's identity and attributes-set privacy against these authorities remains a significant challenge. This paper proposes a new, efficient multi-authority ABE approach that preserves user's identity privacy and attributes-set privacy, and is secure against collusion attack. Also, the proposed approach provides non-monotonic access policies, which supports positive and negative constraints using NOT operation as well as AND and OR operations. © 2023 IEEE.
Journal of Reliable Intelligent Environments (21994668) 9(4)pp. 447-461
Nowadays, the increasing use of internet in vehicular environments leads to the Vehicular Social Network (VSN) concept as an instance of Internet of Things applications in transportation industry. Information sharing between users in vehicular networks should be done in a privacy-preserving manner, especially users’ location privacy should be preserved. It is also essential to motivate users to participate in the information-sharing system. Moreover, users should be encouraged to behave honestly in the system. This paper presents an information-sharing scheme in VSN, in which not only preserving the privacy of users is supported, but also provides sufficient incentives for users to participate in the system. In addition, the reputation factor is used to encourage users to behave honestly. In the proposed scheme, the Internet platform (Internet of Vehicles) is used for information sharing instead of using the commonly used short-range communication. Furthermore, a ticketing system is used for motivating users to participate in the system. To evaluate the proposed scheme, the Veins simulation tool is used along with the actual data in the Créteil data set. The results of evaluation and analysis of the proposed method show that the quality of the delivered messages affects the number of rewards received by users and also the system works in a fair manner. On the other hand, the system operation is monitored in the presence of whitewashing and slandering attackers. As the result, the proposed system could be reliable in the presence of certain percentages of attackers, depending on the used operation modes. Finally, to ensure the privacy of users, the appropriate size for the areas of movement of vehicles has been analyzed and discussed. © 2022, The Author(s), under exclusive licence to Springer Nature Switzerland AG.
IEEE Transactions on Dependable and Secure Computing (15455971) 19(4)pp. 2476-2487
The Edge-Fog-Cloud interplay in the Internet-of-Things (IoT) leads to many exciting data-sharing applications that use access control systems as primary requirements. To ensure a fine-grained data access control for such data-sharings on untrusted storage (e.g., Cloud), Attribute-Based Encryption (ABE) is a promising tool. To address privacy concerns in such ABE-based access control systems, we propose a new Privacy-preserving Distributed data Access control (PDAC) in CloudIoT. Our PDAC improves the previous privacy-preserving distributed ABE systems in three aspects. The first introduces a new user's anonymity approach against the colluding untrusted (honest-but-curious) authorities. The second presents a novel policy-hiding mechanism that efficiently preserves the privacy of policy-forming attributes (metadata) against colluding parties. The third introduces an independent-authorities system for our privacy-preserving improvements, where an authority can join and leave the system without reinitializing other authorities. Moreover, our PDAC offloads the user's computations over the Cloud servers for efficiency enhancement. We prove the security of our PDAC through formal analysis. Then, we present empirical results on different classes of mobile devices, including a laptop and a smartphone. © 2004-2012 IEEE.
Using generative models to generate unlimited number of synthetic samples is a popular replacement of database sharing. When these models are built using sensitive data, the developers should ensure that the training dataset is appropriately protected. Hence, quantifying the privacy risk of these models is important. In this paper, we focus on evaluating privacy risk of publishing generator in generative adversarial network (GAN) models. Specially, we conduct a white box membership inference attack against GAN models. The proposed attack is applicable to various kinds of GANs. We evaluate our attack accuracy with respect to various model types and training configurations. The results demonstrate superior performance of the proposed attack compared to previous attacks in white box generator access. © 2021 IEEE.
Steganography is a solution for covert communication and blockchain is a p2p network for data transmission, so the benefits of blockchain can be used in steganography. In this paper, we discuss the advantages of blockchain in steganography, which include the ability to embed hidden data without manual change in the original data, as well as the readiness of the blockchain platform for data transmission and storage, which eliminates the need for the Steganographer to design and implement a new platform for data transmission and storage. We have proposed two algorithms for steganography in blockchain, the first one is a high-capacity algorithm for the key and the steganography algorithm exchange and switching, and the second one is a medium-capacity algorithm for embedding hidden data. Also, by reviewing the previous three steganography schemes in blockchain, we have examined their drawback and have showed that none of them are practical schemes for steganography in blockchain. Then, we have explained the challenges of steganography in blockchain from the steganographers and steganalyzers point of view. © 2021 IEEE.
Future Generation Computer Systems (0167739X) 110pp. 45-56
Attribute-Based Encryption (ABE) has emerged as powerful cryptographic tools to bring fine-grained access control with widespread applications such as Cloud-assisted IoT data sharing. Subsequently, decentralized ABE with untrusted attribute authorities is proposed to remove the online Trusted Authority (TA). In the decentralized architecture, a user as a data customer (e.g., IoT-device) submits his attributes to the untrusted authorities to get the private keys. In the architecture, user's privacy, against the untrusted authorities, is a significant challenge that must be ensured (e.g., E-health Cloud application). In this paper, we address the privacy issue in the decentralized ABE and propose a novel anonymous and decentralized attribute-based encryption in the standard model. It preserves the user's anonymity against the authorities in an efficient manner. In our solution, we use cryptographic accumulators to verify the user's attributes anonymously. Then, we include the accumulator in the ciphertext to ensure the ABE access control against unauthorized users. Moreover, in some applications, access structures (encryption/decryption policy) include sensitive information and should be obfuscated from everyone minus the users whose secret key attributes meet the access structures. To ensure the hidden policy, we propose an efficient and decentralized policy obfuscation technique to preserve the privacy of the policy against the Public Cloud Server (PCS). It is exciting for a decentralized environment where the authorities are untrusted and may collude with the PCS. To be applicable for IoT resource-constrained devices, we outsource the expensive decryption computation over powerful Cloud servers. Then, we formally analyze the security properties of the proposed scheme and conduct experimental results to show its efficiency. Finally, we briefly explain how the features of the proposal meet the requirements of some real-world applications. © 2020
Peer-to-Peer Networking and Applications (19366450) 13(1)pp. 207-218
With the advent of cloud computing, data owners are motivated to outsource their data to public clouds for decreasing the cost of management systems. For protecting data privacy, sensitive data must be encrypted before outsourcing. So, equipping cloud server with search service over encrypted data is an important issue. Considering the large number of data users and documents in the cloud, users may be interested to perform multi-keyword search and receive the most related data. In this paper, we investigate the Pasupuleti et al.’s scheme which is a multi-keyword ranked search over encrypted cloud data. Their scheme has problems in index construction, trapdoor generation and search procedures. We address these problems and suggest a multi-keyword ranked search over encrypted data on cloud storage. The proposed ranked searchable encryption scheme enhances system usability by ranking results instead of just sending undifferentiated results and ensures file retrieval accuracy. We also use the relevance score from information retrieval to build a secure searchable index, and apply an additive order-preserving encryption to protect the sensitive scores of files. Our scheme also guarantees access control of users during the data retrieval by attribute-based encryption. Analysis shows that our scheme is secure and efficient for cloud storage. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.
Today with development of smart grids (SG), security and efficiency topics are more important than the past. In smart grids, there are smart meter (SM) devices in residential area that send their measured data to control center (CC) for future analysis. This way, user data may pass through a few internal nodes to reach the CC. Hence, privacy preserving of user data is one of the biggest challenges in smart grid researches because by disclosing the user-related data, internal or external adversary can understand habits and behaviors of users. A solution to address this challenge is the data aggregation mechanism in which CC obtain the aggregated data of all of the users in a residential area (RA). In this paper, we present an efficient approach for data aggregation in smart grids using the AV-net mask and Paillier encryption system to preserve the user data privacy. The proposed protocol does not need any secure channel. Besides, the conducted security and performance analysis shows that not only the proposed approach is secure against eavesdropping attack and collusion up to n-2 level, but also its computational overhead is acceptable comparing the previous works. © 2019 IEEE.
Acta Informatica Medica (03538109) 27(1)pp. 19-22
Introduction: Today, new health care models are being proposed with the aim of reducing hospital beds and providing services in primary facilities and homes. These models are developed with the focus on the patients and towards their self-management and self-accomplishment of the activities. Among these, Mobile Health Technology seems to be appropriate for making a new model in palliative care and in different types of care, in general. Palliative care Application (app) can pave the way for promoting the patients’ knowledge and thus improving their quality of life, which, in turn, can provide appropriate care at the end of the patients’ life. Aim: This study endeavored to develop the initial version of Mobile Application for cancer Palliative care for the purpose of improving the quality of Iranians’ life. Methods: A mixed method study was conducted in three Phases as follows: 1) comparative study of current mobile applications; 2) developing an object-oriented conceptual model for mobile apps; and 3) developing the initial version of Ghasedak (Ghasedak is the Persian word stand for “Dandelion”) approved for production. Results: Ghasedak was developed for the appropriate cancer self-care, with such functionalities as user training; including cancer definition, cancer factors, its signs and symptoms, types, prevention, cure, adherence to the constraints, strategies for reducing anxiety and overcoming fear, definition and importance of palliative care, management of physical, psychological, social as well as spiritual complications. Ghasedak also includes Clinicians appointment reminds, personal health, user guide, application setting, and patient notes. Conclusion: Ghasedak was developed in compliance with Iranian experts’ opinions. It seems it would be of help in self-care of patients with needed to palliative care. © 2019 Nafiseh Salimian, Asghar Ehteshami, Maede Ashouri-Talouki.
International Journal of Engineering Transactions C: Aspects (24237167) 32(9)pp. 1290-1298
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a novel authentication mechanism and a new revocation approach. To wide-spread adoptions of ABE for a resource-constrained device, a very light-weight authentication mechanism is required to authentication ciphertext before starting cost expensive ABE techniques to thwart Denial-of-Service (DoS) attacks which are used to power depletion and network downing purposes by attackers. We introduce and address the problem to more robustness of whole networks when DoS attacks are present. Moreover, we propose an efficient revocation mechanism which is a very important challenge in the context. Finally with a discussion on different aspects of the proposal and extensive experimental results we show its profitability. © 2019, Materials and Energy Research Center. All rights reserved.
Wireless Networks (10220038) 25(8)pp. 4799-4814
Location-based services (LBSs) allow users to ask location-dependent queries and receive information based on their location. A group of users can send a group-nearest-neighbor (GNN) query in order to receive a Point Of Interest (POI). This POI in turn shows a point which is the minimum distance from all members of the group. To benefit from these services, it is important to preserve the location privacy of each group user from others in the group (Intragroup location privacy) as well as from anyone outside of the group, including the LBS, (Intergroup location privacy). It may also be necessary to protect the location privacy of the resulting POI from the LBS and other possible attackers. In this paper, we propose two different privacy-preserving protocols for finding the exact answer to a GNN query among a set of returned POIs. The first protocol assumes a semi-honest model while the second one works in a malicious model. The proposed protocols are based on the Anonymous Veto network and Burmester–Desmedt key establishment protocols. The security analysis shows that the proposed protocols provide both Intragroup and Intergroup location privacy; they also protect the location privacy of the resulting POI and are resistant to collusion and multi-point aggregate distance attacks. The performed analyses indicate that they incur a constant computation cost per user and are efficient in terms of computation and communication costs. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.
Peer-to-Peer Networking and Applications (19366450) 12(1)pp. 43-59
Wireless sensor networks (WSNs) play an important role and support a variety of real time applications, such as healthcare monitoring, military surveillance, vehicular tracking and, so on. Secure and real time information accessing from the sensor nodes in these applications is very important. Because wireless sensor nodes are limited in computing and communication capabilities and data storage, it is very crucial to design an effective and secure lightweight authentication and key agreement scheme. Recently, Gope et al. proposed a realistic lightweight anonymous authentication scheme in WSNs and claimed that their scheme satisfied all security concerns in these networks. However, we show that in their scheme the adversary can obtain the session key between the user and the sensor node. In order to fix this drawback, we propose an improved three-factor authentication scheme which is more suitable than Gope et al.’s scheme and also provides more desired security properties such as three-factor authentication and access control. Through the informal analysis, we show that our scheme is secure against various known attacks including the attack found in Gope et al.’s scheme. Furthermore, we have demonstrated the validity of our proposed scheme using the BAN logic. As compared with the previous authentication schemes, the proposed scheme is not only more secure but also enough practical and competitive with existing schemes. © 2017, Springer Science+Business Media, LLC, part of Springer Nature.
Peer-to-Peer Networking and Applications (19366450) 11(1)pp. 34-43
Joint and secure computation of the private data inputs of a group of users is an interesting problem in current P2P applications. The original problem of this type is the Millionaires’ Problem, in which two millionaires wish to know who is richer without disclosing their wealth. In this paper, we study the general case of the Millionaires’ Problem, in which a group of users try to compute the greatest value among their private inputs. We propose two solutions to address this problem. The first solution, which we call Smax-SH, is based on the AV-net protocol. It computes the greatest value while preserving the private input privacy in the semi-honest model. The second solution, called Smax-M, computes the maximum private value in the malicious model. The Smax-M protocol applies a zero-knowledge proof for security from malicious participants and active adversaries. We discuss the performance and security analysis of the proposed protocols and show that the each is efficient in terms of computation and communication costs. We also show that the Smax-M protocol is secure against a partial collusion attack in a malicious model. © 2016, Springer Science+Business Media New York.
Security and privacy are very important challenges for private data outsourced to cloud storage. By using Attribute-Based Encryption (ABE) for Access Control (AC), we obtain fine-grained AC over cloud storage. In this paper we extend previous Ciphertext Policy ABE (CP-ABE) schemes, especially for mobile and resource-constrained devices in a cloud computing environment. For widespread adoption of ABE on resource-constrained devices, a very lightweight authentication mechanism is required to authenticate the ciphertext before starting costly ABE techniques, in order to thwart Denial-of-Service (DoS) attacks, which attackers use for power depletion and network downing. We introduce and address the problem of making the whole network more dependable and robust when DoS attacks are present. Finally, by discussing different aspects of the proposal, we show its profitability. © 2018 IEEE.
Journal of Supercomputing (15730484) 74(1)pp. 509-525
In recent years, RFID (radio-frequency identification) systems are widely used in many applications. One of the most important applications for this technology is the Internet of things (IoT). Therefore, researchers have proposed several authentication protocols that can be employed in RFID-based IoT systems, and they have claimed that their protocols can satisfy all security requirements of these systems. However, in RFID-based IoT systems we have mobile readers that can be compromised by the adversary. Due to this attack, the adversary can compromise a legitimate reader and obtain its secrets. So, the protocol designers must consider the security of their proposals even in the reader compromised scenario. In this paper, we consider the security of the ultra-lightweight RFID mutual authentication (ULRMAPC) protocol recently proposed by Fan et al. They claimed that their protocol could be applied in the IoT systems and provide strong security. However, in this paper we show that their protocol is vulnerable to denial of service, reader and tag impersonation and de-synchronization attacks. To provide a solution, we present a new authentication protocol, which is more secure than the ULRMAPC protocol and also can be employed in RFID-based IoT systems. © 2017, Springer Science+Business Media, LLC.
International Journal of Security and Networks (17478413) 13(2)pp. 71-83
Shellcode is code injected by attackers into vulnerable software to gain access to the command prompt. The byte patterns of shellcodes help intrusion detection systems to detect this type of shellcode. To avoid detection, encoding algorithms are used by the attacker to encode the byte patterns. The detection of these encoded shellcodes is a challenging problem. To detect these encoded shellcodes, we perform a static analysis of the encoding algorithms of the Metasploit engine to extract the byte patterns (signatures) of these algorithms. Then, we introduce a regular expression-based language called GtS to express these signatures. The experimental results show the effectiveness of our signatures in terms of accuracy and false positive rate. © 2018 Inderscience Enterprises Ltd.
D2D communications empower operators to offer their services at the highest level of quality provided that issues concerning availability and security are addressed first. The explosive amount of mobile data traffic, on one hand, and the growing demand for available services on the other hand, motivate us to propose a secure, lightweight and available data sharing scheme for D2D communications. Data sharing, an increasingly popular service among mobile users, could play a noticeable role in offloading the traffic data from operators if handled by D2D communications. In this paper, we propose an efficient protocol for secure data sharing in D2D communication. In the proposed protocol, the major security challenges of data sharing, such as data confidentiality, integrity, detecting message modification, and preventing the propagation of malformed data, are considered. Additionally, not only are unauthorized users banned from using our service, but also, by keeping records of the history of the authorized users' actions, we are able to punish misbehaving users if their malicious behavior exceeds a threshold. The evaluation of the proposed protocol proves that it is more lightweight than the previous works and supports the security requirements of a data sharing scheme. © 2017 IEEE.
Location-based queries have brought challenging privacy issues for mobile users. Having access to data, anytime from anywhere, raises many security concerns. One of these concerns is the user's location privacy, where a user must reveal her location to get the desired result. The question is how to benefit from such queries without endangering the user's location privacy. This paper presents a new method called 'BlindLocation', to support users' location privacy during the use of location-based queries. In the BlindLocation method, without a trusted third party, the user gets the desired service with high quality while preserving her location privacy. In this method, the mobile database server receives a location-dependent query and a location object without any clue about the owner of this information. BlindLocation also provides a mechanism to anonymously authenticate the user, such that the mobile database cannot access users' identities, while it can verify users' authorization. Consequently, location information is protected from the mobile databases, as well as malicious attackers. Extensive experiments show that the proposed protocol is efficient in terms of computation and communication costs. A security analysis shows the resistance of the protocol against collusion, disruption and background knowledge attacks in a malicious model. © 2017 IEEE.
International Journal of Electronic Security and Digital Forensics (17519128) 9(1)pp. 19-34
Secure summation is one of the most applicable functions of secure multiparty computation (MPC) in which a group of users securely computes the summation value of their private inputs. The current solutions to this problem are basically based on adding a random number to private inputs or splitting the inputs among users, which requires a secure channel among members. Moreover, to be resistant against collusion of n - 2 players, they impose high communication cost. In this paper, we propose three cryptography-based protocols for secure sum that do not need a secure channel and are secure against collusion of n - 2 players. Also, the communication cost of the proposed protocols is of complexity O(n). Based on the privacy requirements, the proposed protocols can provide the final result privacy as well as the private input privacy. Copyright © 2017 Inderscience Enterprises Ltd.
Vehicular systems are an application of the internet of things (IoT) in which vehicles are equipped with sensors. In this system, sensors collect traffic information and send data to the nearest sink node. By analyzing this information, special users, including police officers, can make better decisions. In this scenario, confidentiality and integrity of the information against active and passive attacks are vital. To provide these important security requirements in vehicular systems, researchers have proposed numerous authentication protocols. Recently, Mohit et al. proposed a new authentication protocol in vehicular systems and claimed that their protocol is secure against smartcard stolen attack, traceability attack and session key attack. However, in this paper we prove that their protocol is not only vulnerable to the aforementioned attacks but also cannot preserve sensor node anonymity. Finally, we propose a new improved authentication protocol with better security; our experimental results show that our protocol not only is secure against the above attacks but also is still lightweight enough. © 2017 IEEE.
Recently, Eiza et al. proposed a secure and privacy-aware scheme for video reporting service in 5G enabled Vehicular Ad hoc Networks (VANET). They employ a heterogeneous network and cloud platform to obtain more availability with a low latency platform for an urgent accident video reporting service. In their study, for the first time the security issues of 5G enabled vehicular networks have been addressed. Eiza et al. claimed that their scheme guarantees user's privacy, confidentiality, non-repudiation, message integrity and availability for participant vehicles. In this paper, we show that Eiza et al.'s scheme is vulnerable to replay, message fabrication and DoS attacks. Given the sensitivity of video reporting services in VANET, we then propose an efficient protocol to overcome the security weaknesses of Eiza et al.'s scheme and show that the proposed protocol resists commonplace attacks in VANET with acceptable communication and computation overhead. © 2017 IEEE.
Knowledge and Information Systems (02191377) 45(3)pp. 589-615
Several techniques have been recently proposed to protect user location privacy while accessing location-based services (LBSs). However, applying these techniques to protect location privacy for a group of users would lead to user privacy leakage and query inefficiency. In this paper, we propose a two-phase protocol, which we name Cloaked-Centroid, designed specifically to protect location privacy for a group of users. We identify location privacy issues for a group of users who may ask an LBS for a meeting place that is closest to the group centroid. Our protocol relies on spatial cloaking, an anonymous veto network and a conference key establishment protocol. In the first phase, member locations are cloaked into a single region based on their privacy profiles, and then, a single query is submitted to an LBS. In the second phase, a special secure multiparty computation extracts the meeting point result from the received answer set. Our protocol is resource aware, taking into account the LBS overhead and the communication cost, i.e., the number of nearest neighbor queries sent to a service provider and the number of returned points of interest. Regarding privacy, Cloaked-Centroid protects the location privacy of each group member from those in the group and from anyone outside the group, including the LBS. Moreover, our protocol provides result-set anonymity, which prevents LBS providers and other possible attackers from learning the meeting place location. Extensive experiments show that the proposed protocol is efficient in terms of computation and communication costs. A security analysis shows the resistance of the protocol against collusion, disruption and background knowledge attacks in a malicious model. © 2014, Springer-Verlag London.
International Journal of Multimedia and Ubiquitous Engineering (discontinued) (19750080) 9(1)pp. 361-368
This paper analyzes Chun et al.'s e-voting protocol for mobile ad-hoc networks and modifies it based on the blind signature technique to support the anonymous voting property. Based on this property the trusted node cannot learn who has voted for whom. Like the previous protocol, the modified protocol does not need any centralized administration. We analyze the security and computation cost of the proposed protocol and show that it is well suited for mobile environments. © 2014 SERSC.
Turkish Journal Of Electrical Engineering And Computer Sciences (13000632) 21(SUPPL. 1)pp. 1857-1870
Location privacy is an interesting problem that has been receiving considerable attention. This problem has been widely discussed from the individual point of view; however, there exist only a few works that support location privacy for a group of users. In this paper we consider the problem of supporting location privacy for a group of users during the use of location-based services (LBSs). We assume a group of users who want to benefit from an LBS and find the nearest meeting place that minimizes their aggregate distance. Each user in this scenario wants to protect his or her location from the LBS, outside attackers, and other group members. We show that individual solutions for location privacy cannot be directly applied to the group location privacy problem and a special solution must be developed. We identify the privacy issues for this group scenario and propose a resource-aware solution in order to satisfy these group privacy issues. Our solution is based on secure multiparty computation and the anonymous veto network protocol. The proposed protocol decreases the number of group queries to a large extent, as it only sends a single query to the LBS. Consequently, the LBS overhead to evaluate the query and the size of the LBS result are significantly decreased. The proposed protocol also protects the LBS from the excessive disclosure of points of interest and the LBS provider only needs to apply an existing private nearest neighbor (NN) query algorithm instead of an aggregate NN query algorithm. The performance and security analysis show that the protocol is secure against a partial collusion attack and a denial-of-service attack in a malicious model.
Computer Communications (1873703X) 35(12)pp. 1527-1533
Recently, location privacy during the use of location-based services (LBSs) has raised considerable concerns. There is a wide literature on location privacy from the individual point of view; however, there exist only a few works to support location privacy for a group of users. In this paper, we consider location privacy issues for a group of users who may ask an LBS for a meeting place that minimizes their aggregate distance. The proposed solution, which we call the Group Location Privacy (GLP) protocol, is based on the Anonymous Veto network (AV-net) and homomorphic encryption. It preserves the location privacy of all users even in the case of collusion. Our solution also tries to minimize the LBS overhead for nearest neighbor (NN) queries and communication, i.e., to decrease the number of NN queries sent to an LBS and the number of points of interest (POIs) it returns. Furthermore, GLP greatly decreases the bandwidth usage and protects the LBS provider from excessive disclosure of POIs. We discuss the performance and security analysis of the GLP protocol and show that the proposed protocol is secure against partial collusion in a malicious model. © 2012 Elsevier B.V. All rights reserved.
International Journal of Security and its Applications (discontinued) (17389976) 6(4)pp. 183-190
Recently, user privacy has become an important security goal in most computer applications, especially in context-aware services. One of the most popular services in this field is location-based services (LBSs), which deliver the desired data based on the user's location. Although these services make life easier, they lead to a privacy risk. To get the desired services, a user should disclose her location, so her location privacy is threatened. In this paper we consider a group of users who want to use a location-based service while preserving their location privacy. We propose a solution for this scenario and compare it with the previous solution. Analysis of our protocol shows the effectiveness of the proposed approach in terms of computation and communication costs.
Blinded data mining is a branch of data mining techniques which is focused on protecting user privacy. To mine sensitive data such as medical information, it is desirable to protect privacy so that there is no worry about revealing personalized data. In this paper a new approach for blinded data mining is suggested. It is based on ontology and the k-anonymity generalization method. Our method generalizes a private table by considering the ontology of the table fields, so that each tuple becomes k-anonymous and less specific, so as not to reveal sensitive information. This method is implemented using protégé java for evaluation. ©2009 IEEE.